[mod_python] Example of session management using redirects.

Graham Dumpleton grahamd at dscpl.com.au
Sat May 20 06:33:03 EDT 2006


As I said I might, am posting here (as attachment) some code of my own
which does session management with form based login. In this case, it
is using a multitude of redirects to do part of what it needs to do.

This code is probably going to be a bit different to what you have
probably seen before. This is because it will only work with mod_python
3.3 from trunk of source code repository. This is the case as it is
using specific features of this new version of mod_python to allow it
to be implemented as an authenhandler.

Note that this code is very much an experiment in progress to allow me
to try out ideas and workarounds for some mod_python problems. I
don't guarantee that it will always work especially as I hadn't touched
it for a while and had to quickly fix a few things. Someone may find
it of interest though.

Anyway, by virtue of it being implemented as an authenhandler, the
code can technically perform authentication for files being served up
as static files or by mod_python, or even other Apache modules such as
PHP or mod_perl. Thus, it is a general purpose session based login
mechanism.

As far as the login page goes, it can be implemented as static HTML, as
a PSP page, using mod_python.publisher, or again using some other
system such as PHP or mod_perl.

To specify whether files are public or private, you do stuff like the
following in your Apache configuration file:

   # Enable our session manager as primary means of
   # performing authentication. Specify that all files in
   # the directory are 'Private' by default and therefore
   # require user to have successfully logged in.

   AuthType Session
   AuthName Private

   # Ensure that the login page is publicly accessible.
   # This must be done else they will not get opportunity
   # to log in in the first place.

   <Files login.html>
   AuthName Public
   </Files>

   # Now specify other files which don't actually require
   # the user to have logged in. This might for example be
   # the main index page. The empty case is intentional as
   # that ensures that access to the directory itself will
   # work, with the request actually being redirected
   # internally to the publicly accessible index file.
   # The dot is escaped so that only 'index.html' matches.

   <Files ~ '^(|index\.html)$'>
   AuthName Public
   </Files>

Wish you all fun trying to understand it. :-)

If you do have questions, you better be quick, as am about to go on
holidays.

Graham

-------------- next part --------------
A non-text attachment was scrubbed...
Name: sessionmanager.tar.gz
Type: application/x-gzip
Size: 6380 bytes
Desc: not available
Url : http://mm_cfg_has_not_been_edited_to_set_host_domains/pipermail/mod_python/attachments/20060520/813620d0/sessionmanager.tar.gz
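
An added example, not part of the original post or its attachment: a small Python model of how the `<Files>` sections above resolve each file name to `Public` or `Private`, comparing an index pattern with an unescaped dot against the escaped form. The matching rules used here (glob match for plain `<Files>`, unanchored regex search for `<Files ~>`, later matching sections overriding earlier ones), the empty name standing for a request for the directory itself, and the sample file names are assumptions of this sketch.

```python
import fnmatch
import re

# Directory-level default from the configuration: "AuthName Private".
DEFAULT_REALM = "Private"

def sections(index_pattern):
    """Constructed model of the two <Files> blocks: (is_regex, pattern, AuthName)."""
    return [
        (False, "login.html", "Public"),   # <Files login.html>
        (True, index_pattern, "Public"),   # <Files ~ '...'>
    ]

def effective_realm(filename, rules):
    """Return the AuthName that applies to a file name (last path component)."""
    realm = DEFAULT_REALM
    for is_regex, pattern, name in rules:
        if is_regex:
            matched = re.search(pattern, filename) is not None
        else:
            matched = fnmatch.fnmatchcase(filename, pattern)
        if matched:
            realm = name  # assumption: a later matching section overrides
    return realm

def unexpected_public(filenames, rules, intended_public):
    """List files that resolve to Public but are not on the intended allow list."""
    return sorted(f for f in filenames
                  if effective_realm(f, rules) == "Public"
                  and f not in intended_public)

LOOSE = sections(r"^(|index.html)$")    # '.' matches any single character
STRICT = sections(r"^(|index\.html)$")  # '.' matches only a literal dot

# Constructed directory listing; "" stands for the directory request itself.
FILES = ["", "index.html", "login.html", "account.html",
         "index_html", "index.html.bak"]
INTENDED = {"", "index.html", "login.html"}

if __name__ == "__main__":
    for label, rules in (("unescaped dot", LOOSE), ("escaped dot", STRICT)):
        print(label)
        for f in FILES:
            print("  %-18r %s" % (f, effective_realm(f, rules)))
        print("  unexpected public files:",
              unexpected_public(FILES, rules, INTENDED))
```

Running an audit like this over the real directory listing before deployment shows whether any file ends up public that was not meant to be.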

