Graham Dumpleton
grahamd at dscpl.com.au
Thu Feb 23 17:04:14 EST 2006
I actually get a 500 error if I set up __auth__ function the way you have written it. This is because of error as described in:

  http://issues.apache.org/jira/browse/MODPYTHON-43

Specifically, the __auth__ function is executed in the context of the globals from mod_python.publisher and not the same file as the __auth__ function is in. This means the __auth__ function when executed can't access the validate_user() function.

Do you actually have everything in the one file like this?

Other than that, the __auth__ function is being executed for me.

Can you post the snippet of the Apache configuration where you set PythonHandler etc for this directory?

Further comments below.

Robert Thomas Davis wrote ..
> Hey all (mostly graham though)
>
> Here is exactly what I am trying to do...
>
> from mod_python import apache
> from mod_python import psp
> from mod_python.Session import Session
> import sys, time
> from sql_defines import *
> from connection_defines import USER, PASS
>
> # db connection
> db_conn = apache.import_module('db_conn', log=1)
> db = db_conn.connection('Cursor')
> device = apache.import_module('device', log=1)

Anything not preceded by an underscore will be accessible by a URL if using publisher. Thus, users could access internals of "db".

> def validate_user(req, user, passwd):
>
>     if passwd == PASS:
>         # user has successfully authenticated
>         sess = Session(req)
>
>         if sess.has_key('max_inactive'):
>             # this is an existing session
>
>             # check length of inactivity
>             elapsed = time.time() - sess['last']
>
>             # reset timer for next request
>             sess['last'] = time.time()
>             sess.save()

The Session class already maintains a last accessed time. Call sess.last_accessed() to get it. Note though that Session class doesn't autosave. So even if you don't update other data in the session, you will still need to save the session if you want last accessed time to be saved and for automatic session timeouts to work.

>             # compare elapsed to maximum allowed
>             if elapsed > sess['max_inactive']:
>                 sess.delete()
>
>                 # force user to reauthenticate
>                 return 0
>             else:
>                 #...still within time limit
>
>                 # allow user to continue
>                 return 1
>         else:
>             # new session
>
>             # set maximum inactivity allowed
>             sess['max_inactive'] = 500
>
>             # initialize timer
>             sess['last'] = time.time()
>
>             sess.save()
>
>             # allow user to continue
>             return 1
>     else:
>         # force user to reauthenticate
>         return 0

Again, no leading underscore so validate_user() is directly accessible to use. Also, Session class has session timeout mechanism.

> def handle_page_build(req, obj, **kwargs):
>
>     try:
>         __create_tables()
>         page = obj(req, **kwargs)
>     except:
>         error_page = error.error_page(req, sys.exc_info())
>         return error_page.build()
>     else:
>         return page.build()

The validate_user() function is also accessible.

> def index(req):
>
>     return main(req)
>
>
> def main(req):
>
>     return handle_page_build(req, home.home_page)
>
>
> def devices(req):
>     __auth_realm__ = "Devices!"
>     def __auth__(req, user, passwd):
>         return validate_user(req, user, passwd)
>     return handle_page_build(req, device.devices_page)

Graham
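
Added example, not part of the original message and not mod_python code: a plain-Python simulation of the failure described above, where a nested `__auth__` that runs with another module's globals cannot resolve `validate_user`. The sample source, the `"handler"` namespace and the helper names are constructed, and rebuilding the nested function from the outer function's code constants is an assumption used here to reproduce the effect.

```python
import types

# Constructed stand-in for the published module from the post, trimmed to the
# parts that matter: a module-level helper and a nested __auth__ that calls it.
PAGE_SOURCE = '''
PASS = "constructed-secret"

def validate_user(req, user, passwd):
    return 1 if passwd == PASS else 0

def devices(req):
    __auth_realm__ = "Devices!"
    def __auth__(req, user, passwd):
        return validate_user(req, user, passwd)
    return "devices page"
'''

def load_page_module():
    """Execute the sample source in its own namespace, as a module import would."""
    namespace = {"__name__": "page"}
    exec(compile(PAGE_SOURCE, "page.py", "exec"), namespace)
    return namespace

def extract_nested_auth(func, run_globals):
    """Rebuild the nested __auth__ from func's code constants, bound to run_globals."""
    for const in func.__code__.co_consts:
        if isinstance(const, types.CodeType) and const.co_name == "__auth__":
            return types.FunctionType(const, run_globals)
    return None

def check_auth(run_globals_kind, passwd):
    """Return the __auth__ result, or the error text if the call fails."""
    page = load_page_module()
    # "handler" is a foreign namespace standing in for the dispatcher's globals.
    run_globals = page if run_globals_kind == "page" else {"__name__": "handler"}
    auth = extract_nested_auth(page["devices"], run_globals)
    try:
        return auth(None, "user", passwd)
    except NameError as exc:
        # An unhandled exception like this is what surfaces as a 500 response.
        return "NameError: " + str(exc)
```

Bound to the page's own globals the check returns 1 or 0 as intended; bound to the foreign namespace every request fails before the password is compared.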