[mod_python] Example of session management using redirects.

Graham Dumpleton grahamd at dscpl.com.au
Sat May 20 06:33:03 EDT 2006

As I said I might, am posting here (as attachment) some code of my own
which does session management with form based login. In this case, it
is using a multitude of redirects to do part of what it needs to do.

This code is probably going to be a bit different to what you have  
seen before. This is because it will only work with mod_python 3.3 from
trunk of source code repository. This is the case as it is using  
features of this new version of mod_python to allow it to be implemented
as an authenhandler.

Note that this code is very much an experiment in progress to allow me
to try out ideas and workarounds for some mod_python problems. I
don't guarantee that it will always work especially as I hadn't touched
it for a while and had to quickly fix a few things. Someone may find  
it of
interest though.

Anyway, by virtue of it being implemented as an authenhandler, the  
code can
technically perform authentication for files being served up as  
static files or
by mod_python, or even other Apache modules such as PHP or mod_perl.
Thus, it is a general purpose session based login mechanism.

As far as the login page goes, it can be implemented as static HTML, as
a PSP page, using mod_python.publisher, or again using some other
system such as PHP or mod_perl.

To specify whether files are public or private, you do stuff like the  
in your Apache configuration file:

   # Enable our session manager as primary means of
   # performing authentication. Specify that all files in
   # the directory are 'Private' by default and therefore
   # require user to have successfully logged in.

   AuthType Session
   AuthName Private

   # Ensure that the login page is publically accessible.
   # This must be done else they will not get opportunity
   # to login in the first place.

   <Files login.html>
   AuthName Public

   # Now specify other files which don't actually require
   # the user to have logged in. This might for example be
   # the main index page. The empty case is intentional as
   # that ensures that access to the directory itself will
   # work, with the request actually being redirected
   # internally to the publically accessible index file.

   <Files ~ '^(|index.html)$'>
   AuthName Public

Wish you all fun trying to understand it. :-)

If you do have questions, you better be quick, as am about to go on  


-------------- next part --------------
A non-text attachment was scrubbed...
Name: sessionmanager.tar.gz
Type: application/x-gzip
Size: 6380 bytes
Desc: not available
Url : http://mm_cfg_has_not_been_edited_to_set_host_domains/pipermail/mod_python/attachments/20060520/813620d0/sessionmanager.tar.gz

More information about the Mod_python mailing list