Pete..... wrote:
I'd better mention that I'd rather make it all in Python and HTML (found out that Python somehow works with ASP)

I know that what I have to do is the following:

1) When the user logs in, I have to store a session ID in a cookie

In actual fact it's best not to wait until the user logs in: every request that comes in for the service should be examined for the cookie (which the browser will always return once it's received it). If there's no cookie then the server should include one in its response.


That way, each session is identified by a unique cookie value, which can be used (among other things) to locate any state that's associated with the sessions (such as a "who is this user" variable).

2) When page1 is loaded (upon correctly entered username/password) the cookie has to be sent to page 1 and on page one there should be a check to see if the cookies have the right values.

Not quite: the cookie (retained on the client and sent to the server with each request) just identifies the session, and the session state storage (maintained on the server, one per active session) holds the information about the session like whether the user has logged in, what's in their shopping cart, and so on.


Each page (or, if you are using an application framework like Webware, the framework) can examine state memory to determine whether the conditions for access have been met, and redirect to an error page if not. For this purpose ASP maintained a "Session" object for each session's state memory.

3) Every time a page is loaded, there has to be a check to see if the cookies have the right value; if not, the page shouldn't be loaded, and the user should be redirected back to the login page.

Almost, see above.

It does sound very easy to make: Create a store-holder (cookies), create a session ID upon log in, check if it is the right session ID in the cookies every time a page is loaded, if not redirect back to the log in page.

But even though it sounds easy, I can't quite get the hold of it..

I tried googling, but didn't really find anything that helpful...

It's true that there isn't actually much on the web that explains sessions with specific reference to Python. I can, however, after quite a lot of searching, thoroughly recommend

  http://webapparch.sourceforge.net/

for an overview of what happens in a session-oriented web service. I would suggest you start with Section 8, and then read the whole thing, or at least all parts that interest you.

Any more advice...

Of course usually some mechanism supported by the specific server in use is involved.

  http://aspn.activestate.com/ASPN/Cookbook/Python/Recipe/65110

does show how to generate session IDs, but then you have to deliver them as cookies (of course, for security reasons you don't want session IDs to be easily guessed, as this would allow someone to "hijack" an existing session by impersonating a browser holding the right cookie value).

If you are prepared to read a bit of PHP (sorry ...) then

  http://www.phpbuilder.com/columns/paul20020729.php3

explains the details of session maintenance sufficiently clearly that you would get a good idea of how to implement the same ideas in Python.


Once again thanks for your time....

Sincerely
Pete
[...]

You're welcome.

regards
 Steve

--
http://mail.python.org/mailman/listinfo/python-list
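
The flow discussed in the thread above, as an added Python example that is not code from either poster: every request is checked for the cookie, the cookie only identifies the session, and the login state lives on the server. It goes one step beyond the thread by issuing a fresh ID at login so a pre-planted ID cannot be reused; the cookie name, paths and credentials are constructed for illustration.

```python
import hmac
import secrets
from http.cookies import SimpleCookie

COOKIE = "sid"                       # hypothetical cookie name
SESSIONS = {}                        # session ID -> server-side state
USERS = {"pete": "constructed-pw"}   # constructed sample; store hashes in practice


def new_session(headers):
    """Create empty state under an unguessable ID and emit its cookie."""
    sid = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
    SESSIONS[sid] = {"user": None}
    out = SimpleCookie()
    out[COOKIE] = sid
    out[COOKIE]["path"] = "/"
    out[COOKIE]["httponly"] = True   # not readable from page scripts
    out[COOKIE]["secure"] = True     # only returned over HTTPS
    headers["Set-Cookie"] = out[COOKIE].OutputString()
    return sid


def session_id(cookie_header):
    """Extract the session ID from a Cookie (or Set-Cookie) header value."""
    jar = SimpleCookie(cookie_header)
    return jar[COOKIE].value if COOKIE in jar else None


def handle(path, cookie_header="", form=None):
    """Process one request; returns (status, headers, body)."""
    headers = {}
    sid = session_id(cookie_header)
    if sid not in SESSIONS:          # no cookie yet, or an unknown/forged ID
        sid = new_session(headers)
    if path == "/login" and form:
        want = USERS.get(form.get("user", ""))
        given = form.get("password", "")
        if want and hmac.compare_digest(want.encode(), given.encode()):
            del SESSIONS[sid]        # fresh ID on login defeats fixation
            sid = new_session(headers)
            SESSIONS[sid]["user"] = form["user"]
            headers["Location"] = "/page1"
            return 303, headers, ""
        return 401, headers, "bad credentials"
    if path == "/page1" and SESSIONS[sid]["user"] is None:
        headers["Location"] = "/login"   # state, not the cookie, grants access
        return 302, headers, ""
    user = SESSIONS[sid]["user"]
    return 200, headers, (f"hello {user}" if user else "login form")
```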
