|
mog
lists at elasticmind.net
Sun May 10 19:02:06 EDT 2009
Greetings,
Hope you are well. I'm working on an application that has a number of
pages that require users to log in. To make this nice and easy for the
users, when they hit a page that needs authentication, I'd like the page
to just call the function that handles all the login code and template
rendering transparently, and then just redirect them back to the
original URI they gave - so that from a user's point of view, the URI
doesn't change.
The program kinda works like this:
# User goes to /mypage
def index(req):
if not hasattr(req, "websess"):
req.websess = Session.DbmSession(req, timeout=1200)
req.websess.save()
... sets some variables like title and stuff ...
if user isn't logged in:
from myapp.login import index as login_page
return login_page(req, req.uri, 'template.html', title)
else user must be loggedin:
pull some data from the database and render the page using a
templete
return ...template...
# login_page() function called by '/mypage'
def index(req, refer_uri=None, refer_tmpl=None, refer_title=None):
if not hasattr(req, "websess"):
req.websess = Session.DbmSession(req, timeout=1200)
req.websess.save()
... render a template containing a login form...
... user clicks the Login submit button after entering the username
and password in the form...
... The html form action causes the referrer page (/mypage) to be
reloaded...
... User is not logged in so process repeats with /login/index being
called again having req data passed to it...
... /login/index checks the users login details and accepts the
login request ...
if user login is accepted:
req.websess.unlock()
# redirect back to /mypage since login was successful.
req.internal_redirect(refer_uri)
I didn't want to post a load of code that wasn't relevant, but I hope
the pseudo code helps a little bit to explain what I was trying to achieve.
This method works fine when the URI has no GET arguments, for example;
if the user wants to go to the /mypage URI directly - it's fine.
However, if the URI does have arguments, like /mypage?id=18, then the
application keeps displaying the login page all the time and doesn't
process the login correctly - or at least it seems.
All the login stuff is done using POST, but the URI arguments for the
/mypage code is done using GET. Since this is what apparently causes it
to break, I'm assuming there must be something wrong here, but I'm not
sure. Perhaps there is a better way of doing this, or if I want to use
GET arguments as well, I need to go about solving this problem a
different way?
Any help or advice would be greatly appreciated. Thanks you in advance
for your time and consideration.
|