[mod_python] Authentication and security in general

Graham Dumpleton grahamd at dscpl.com.au
Tue Apr 25 18:37:27 EDT 2006


Deron Meranda wrote ..
> Then for the entire website (/ url), excluding /login and /error, I have
> a PythonAccessHandler which verifies the cookie, and will cause
> an HTTP 401 Unauthorized if it's not correct or has expired.  If
> it's okay, then it stuffs information about the user into the req
> object so the content handlers can get to it if desired, as well as
> setting up and loading the session object (if you use sessions).

Just be mindful of the DirectoryIndex fast redirect problem if you are
stuffing user info in the req object from an access handler, as such
information will not actually turn up in the request object in the
content handler phase but will be lost. This is more an Apache
problem than mod_python and it doesn't look like Apache will be
changed real soon. See:

  https://issues.apache.org/jira/browse/MODPYTHON-146
  http://www.mail-archive.com/[email protected]/msg01736.html

for more information on what I am rambling about. :-)

Graham


More information about the Mod_python mailing list