I'm creating a XMLRPC webservice with web2py, everything works perfect. In order to restrict access to the webservice, acordingly to the docs, you have to decorate the function that instantiates the webservice, for example:
@auth.requires_login() def call(): return service() @service.xmlrpc def check(): return auth.user.email So, in order to connect to this webservice, you would have to pass the user and password in the url, like this: http://user:email@domain/default/call/xmlrpc And then you would be able to run the function "check()" of the webservice. So far all good. But what if I want to create a public webservice, and include a function for login (taking user and email as arguments)? The function should login the user and next calls to other functions should be able to check if user is logged in. I've tried this with no success: def call(): return service() @service.xmlrpc def login(data): user = auth.login_bare(data['email'], data['password']) if not user: return False else: auth.login_user(user) return True @service.xmlrpc def check(): if auth.is_logged_in(): return auth.user.email else: return False However this doesn't work. I can succesfully connect to the webservice, and I can succesfully execute "login()" function, but then inmediately I execute "check()" function and I always receive False, so the session isn't created. For the testing client I'm using class ServerProxy from python xmlrpclib. I know this is easy to fix (using the first of the two examples shown here), but not all clients support basic authentication and I'm trying to figure out what to do for those cases. Thanks in advance! -- Resources: - http://web2py.com - http://web2py.com/book (Documentation) - http://github.com/web2py/web2py (Source code) - https://code.google.com/p/web2py/issues/list (Report Issues) --- You received this message because you are subscribed to the Google Groups "web2py-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to web2py+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.