[mod_python] best practices; was "is mod_python borked?"

Sells, Fred fred at adventistcare.org
Fri Nov 3 09:31:47 EST 2006

The following is extracted from Graham's reply with questions of my own

Note that I use Apache 2.x and python 2.3 and mod_python 3.1.3 on linux.

>As long as you don't run up against the trailing slash and base url issues.
I gues I haven't hit them, not sure what they are, are they documented
somewhere. Isn't there an Apache module that fixes this?

>Personally I don't like publisher as it is, but to fix it properly would
>likely break a lot of existing user code.
I have found that while the publisher code looks cool, it is an empty shell
around my backend, where each function just calls a method in my application
"Controller".  I have to modify that "shell" and also my backend everytime I
add a feature/method to the backend, which is not "DRY".  Graham, do you
have a "best practices" snippet of writing your own handler to function
similar to the url mapping of the publisher.  I see no reason to do more
than pass **kwargs, since that means there is no impact on the backend api
(but of course on the logic) if I add a parameter in the post.

>if you're using Session objects, Best practice is to use code like:

  if not hasattr(req, 'session'):
    req.session = Session.Session(req)

>Things can still get a bit tricky if you are using req.internal_redirect()
>though. What you can do there depends on which version of mod_python you
This is really cool, I was afraid to mess with the request object, but from
this and other posts, it looks like that's a common practice. Is there a
place that documents the differences between 3.1 and 3.2 on the

>Anyway, important thing is that it sounds like you have at least not tried
>do it in the PythonHandler phase like most do, which to my mind is the
>way of going about it. It should be done in an earlier phase so that it can
>cover non mod_python stuff as well, like you indicate your version does.

OOPS! :(   I did exactly that.  I had read the info in the manual about not
doing that, 
but then my brain got full.  my apache.conf file follows, can you suggest

PythonPath "['.', '/home/acctools/accpython'] + sys.path"
ScriptAlias /logic/ "/var/www/modpy/logic/"

<Directory "/var/www/modpy/logic">  #publishers reside here, backend logic
on pythonpath per above
        SetHandler python-program
        PythonHandler  modpy.security mod_python.publisher
        PythonDebug On

<Directory "/var/www/html/rds">
        AddHandler mod_python .html
        PythonHandler  modpy.passthru #passthru calls the handler in
security, then writes the url
        PythonDebug On

#note: I've edited this to reflect the earlier advice on sessions, but have
not tested yet
# in cleaning this up for public viewing, it may not compile.

def handler(req):
    if not hasattr(req, 'session'):
	  req.session = Session.Session(req)    
    uname = req.session.get(UNAME, None)
    if uname==None: 
        cookie = get_cookie(req, ACC_COOKIE)  #my simple function, std
mod_python cookie stuff
        if cookie == None:
            return util.redirect(req, MY_LOGIN_URL)
            uname = get_uname_from_corporate_server(cookie)
            if uname==None:        
                return util.redirect(req, MY_LOGIN_URL)
            elif uname[:5]==ERROR: 
                return apache.HTTP_FORBIDDEN
                req.session[UNAME] = uname
    return apache.OK

The information contained in this message may be privileged and / or
confidential and protected from disclosure. If the reader of this message is
not the intended recipient, you are hereby notified that any dissemination,
distribution or copying of this communication is strictly prohibited. If you
have received this communication in error, please notify the sender
immediately by replying to this message and deleting the material from any

More information about the Mod_python mailing list