Thank you for you reply, that's useful info. As to the second part of my question, how would I enforce this as the user leaves my site? Since gaeutilities sessions persist in the datastore, I would need some way of knowing when the user leaves the site so that I can either delete the session or set some variable in it indicating that the user logged out.
On Jan 28, 9:02 am, Blixt <andreasbl...@gmail.com> wrote: > If you're familiar with Python: > If you've got separate request handlers for the parts of the site that > require login and the parts that don't, you can make a function > descriptor that checks if the user is logged in before calling the > actual function. If the user is not logged in, it redirects to a login > page. Then you can use this descriptor on the get / post methods. > > Google provides this functionality with their @require_login > descriptor that redirects to the Google Accounts login page if the > user is not logged in, but this doesn't work when rolling your own > authentication system, obviously. > > If you're not familiar with Python: > The simplest way is probably to just make a function you can call that > returns True if the user is logged in. If the user is not logged in, > it redirects the user to your login page, then returns False. In your > actual get / post method you check whether the result of this function > is False, and if so, you leave the method: > > def logged_in(request): > if [user is logged in]: > return True > request.redirect('/login') > return False > > class UserSettings(webapp.RequestHandler): > def get(self): > if not logged_in(self): return > # show page > > On Jan 28, 3:13 am, solidus <e.smolens...@gmail.com> wrote: > > > > > Hi all, > > > I'm new to appengine and somewhat new to web development. My question > > is regarding proper ways to use sessions. > > > I'm currently messing around using the gaeutilities sessions module. I > > have a basic login page and some content. The question is what is the > > standard/best practice way to ensure that users aren't accessing parts > > of your site (via direct URL) without first going through the login > > screen? > > > Also, how does one go about deleting or clearing session data once the > > user leaves the site without logging out first? > > > Thanks!- Hide quoted text - > > - Show quoted text - --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Google App Engine" group. To post to this group, send email to google-appengine@googlegroups.com To unsubscribe from this group, send email to google-appengine+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/google-appengine?hl=en -~----------~----~----~----~------~----~------~--~---