Thank you for you reply, that's useful info.
As to the second part of my question, how would I enforce this as the
user leaves my site? Since gaeutilities sessions persist in the
datastore, I would need some way of knowing when the user leaves the
site so that I can either delete the session or set some variable in
it indicating that the user logged out.
On Jan 28, 9:02 am, Blixt <andreasbl...@gmail.com> wrote:
> If you're familiar with Python:
> If you've got separate request handlers for the parts of the site that
> require login and the parts that don't, you can make a function
> descriptor that checks if the user is logged in before calling the
> actual function. If the user is not logged in, it redirects to a login
> page. Then you can use this descriptor on the get / post methods.
>
> Google provides this functionality with their @require_login
> descriptor that redirects to the Google Accounts login page if the
> user is not logged in, but this doesn't work when rolling your own
> authentication system, obviously.
>
> If you're not familiar with Python:
> The simplest way is probably to just make a function you can call that
> returns True if the user is logged in. If the user is not logged in,
> it redirects the user to your login page, then returns False. In your
> actual get / post method you check whether the result of this function
> is False, and if so, you leave the method:
>
> def logged_in(request):
> if [user is logged in]:
> return True
> request.redirect('/login')
> return False
>
> class UserSettings(webapp.RequestHandler):
> def get(self):
> if not logged_in(self): return
> # show page
>
> On Jan 28, 3:13 am, solidus <e.smolens...@gmail.com> wrote:
>
>
>
> > Hi all,
>
> > I'm new to appengine and somewhat new to web development. My question
> > is regarding proper ways to use sessions.
>
> > I'm currently messing around using the gaeutilities sessions module. I
> > have a basic login page and some content. The question is what is the
> > standard/best practice way to ensure that users aren't accessing parts
> > of your site (via direct URL) without first going through the login
> > screen?
>
> > Also, how does one go about deleting or clearing session data once the
> > user leaves the site without logging out first?
>
> > Thanks!- Hide quoted text -
>
> - Show quoted text -
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Google App Engine" group.
To post to this group, send email to google-appengine@googlegroups.com
To unsubscribe from this group, send email to
google-appengine+unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/google-appengine?hl=en
-~----------~----~----~----~------~----~------~--~---
