Sample controller code. (This is not production-quality code; it is meant only to suggest an approach.)
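def isloggedin_cookieless0(self):
    """Report whether the current session already belongs to a logged-in person.

    Returns:
        A ``(is_logged_in, message)`` tuple. ``is_logged_in`` is True when
        ``session.person_id`` is truthy; ``message`` is the translated
        "OK" or "Not Logged In" text.
    """
    request, response, session, cache, T, db = self._globals()
    is_logged_in = bool(session.person_id)
    resmsg = T("OK") if is_logged_in else T("Not Logged In")
    return (is_logged_in, resmsg)


def _split_basic_cred(self, basic_cred):
    """Decode a ``basic <base64(user:password)>`` string into ``(user, pwd)``.

    Returns ``(None, None)`` when the value is not a string, is empty, lacks
    the ``basic `` prefix, does not decode, or has no ``:`` separator.
    """
    import base64

    if not isinstance(basic_cred, str) or basic_cred[:6].lower() != 'basic ':
        return (None, None)
    try:
        decoded = base64.b64decode(basic_cred[6:])
        if not isinstance(decoded, str):
            # Python 3 hands back bytes; Python 2 already returned str.
            decoded = decoded.decode('utf-8')
    except (TypeError, ValueError):
        # Malformed base64 (TypeError on Python 2, binascii.Error on
        # Python 3) or undecodable bytes: treat as "no credentials".
        return (None, None)
    # Split on the first ':' only, so a password that itself contains ':'
    # is kept whole instead of breaking the two-value unpacking.
    user, separator, pwd = decoded.partition(':')
    if not separator:
        return (None, None)
    return (user, pwd)


def _person_for_basic_cred(self, basic_cred):
    """Return the ``db.person`` row matching *basic_cred*, or None.

    Credentials are only evaluated when the request arrived over HTTPS or
    from 127.0.0.1, and only rows with an empty ``registration_key`` match.
    """
    request, response, session, cache, T, db = self._globals()
    # NOTE(review): the loopback exemption trusts request.client; confirm it
    # cannot be populated from a client-supplied forwarding header in this
    # deployment.
    if not (request.is_https or request.client == '127.0.0.1'):
        return None
    user, pwd = self._split_basic_cred(basic_cred)
    if user is None:
        return None
    # NOTE(review): an equality lookup on the stored hash only works when
    # CRYPT() yields the same value for the same password on every call;
    # confirm which hash scheme and key the application configures.
    pwdcrypt = CRYPT()(pwd)[0]
    rows = db(db.person.email == user)\
             (db.person.password == pwdcrypt)\
             (db.person.registration_key == '').select()
    return rows[0] if rows else None


def _jsonp_reply(self, fields):
    """Serialise ``(key, value)`` pairs and prepare the JSONP response.

    Every value is rendered with ``%s`` (so booleans and None arrive as the
    strings "True", "False" and "None") and the object is produced by
    ``json.dumps`` so that quotes or backslashes inside a value cannot break
    out of the JSON document.
    """
    import json

    request, response, session, cache, T, db = self._globals()
    payload = json.dumps(dict((key, '%s' % (value,)) for key, value in fields))
    # Use this if called from xmlHttpRequest in Javascript
    response.headers['Content-Type'] = 'application/jsonp'
    # NOTE(review): with a wildcard origin, script on any site can read this
    # body, which carries the session record id and GUID; restrict the
    # allowed origin to the known client application where possible.
    response.headers['Access-Control-Allow-Origin'] = '*'  # CORS
    # Using python code in file init/views/generic.jsonp to leave data unescaped
    response.view = 'generic.jsonp'
    return payload


def isloggedin_cookieless(self):
    """Return the login state and session identifiers as a JSON string.

    ``response.session_id`` is expected in ``<record id>:<guid>`` form, for
    example ``'None:d602d501-877d-42aa-9b52-0e58a91b8336'``. When the POST
    body carries ``cred`` (with or without the ``basic `` prefix) the
    credentials are checked under the same rules as ``login_cookieless``:
    HTTPS or loopback only, and only for rows whose ``registration_key`` is
    empty, so this endpoint is not a weaker way into a session.
    """
    request, response, session, cache, T, db = self._globals()
    id_parts = response.session_id.split(':')
    session_record_id = id_parts[0]
    session_guid = id_parts[1]
    if session_record_id == 'None':
        session_record_id_fromweb2py = response.session_record_id
    else:
        session_record_id_fromweb2py = int(session_record_id)

    if 'cred' in request.post_vars:
        basic_cred = request.post_vars.cred
        if isinstance(basic_cred, str) and basic_cred[:6].lower() != 'basic ':
            basic_cred = 'basic ' + basic_cred
        person = self._person_for_basic_cred(basic_cred)
        if person is not None:
            session.person_id = person.id

    retIsLoggedIn, resmsg = self.isloggedin_cookieless0()
    return self._jsonp_reply([
        ('IsLoggedIn', retIsLoggedIn),
        ('session_record_id_fromweb2py', session_record_id_fromweb2py),
        ('session_guid_fromweb2py', session_guid),
        ('resmsg', resmsg),
    ])


def login_cookieless(self):
    """Log a person in from ``request.post_vars.cred`` and return JSON.

    The reply always carries the session cookie name, record id and GUID,
    so the session identifiers are read on every path rather than only
    after a successful login. ``resmsg`` is "Already Logged In", "Login
    Successful" or "Invalid login credentials".
    """
    request, response, session, cache, T, db = self._globals()
    retIsLoggedIn, resmsg = self.isloggedin_cookieless0()
    if retIsLoggedIn:
        resmsg = T("Already Logged In")
    else:
        person = self._person_for_basic_cred(request.post_vars.cred)
        if person is None:
            resmsg = T("Invalid login credentials")
        else:
            # NOTE(review): the session identifier is kept across the
            # privilege change; consider issuing a fresh one at this point
            # so an identifier known before login is not the one that ends
            # up authenticated.
            retIsLoggedIn = True
            session.person_id = person.id
            session.person_name = person.name
            session.person_email = person.email
            resmsg = T("Login Successful")

    ressessioncookiename = response.session_id_name
    id_parts = response.session_id.split(':')
    session_record_id = id_parts[0]
    session_guid = id_parts[1]
    return self._jsonp_reply([
        ('IsLoggedIn', retIsLoggedIn),
        ('sessioncookiename_fromweb2py', ressessioncookiename),
        ('session_record_id_fromweb2py', session_record_id),
        ('session_guid_fromweb2py', session_guid),
        ('resmsg', resmsg),
    ])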