Hello Graham!
Thank you very much for your suggestion! I tried several things today
and it seems that
it does matter which one of the apache child processes receive the
request.
I still do not understand why this should be a problem, because my
session is kept entirely in the cookie
that is sent back and forth to the server. Here is how I create my
application in my main source code file:
import web
from beaker.middleware import SessionMiddleware
...
urls = (
# some url mappings...
)
def session_mw(app):
date_now = datetime.datetime.now()
expiration_period = datetime.datetime(date_now.year + 1,
date_now.month%12 + 1, date_now.day, date_now.hour, date_now.minute)
return SessionMiddleware(app, key = "sid", cookie_expires =
expiration_period,secret='randomsecret')
application = session_mw(web.wsgifunc(web.webpyfunc(urls, globals())))
...
Basically, I set implicitly the type of the session to a cookie-only
session. I also set the expiration period of the cookie to one month
and the secret key for the signing. In this way, the entire session
data is stored in the cookie and is sent to the
browser with the response and respectively to the server with the
request. In this situation, I think, it does not matter which one
of the apache child processes will receive the request, because it
should receive the cookie with all the data that is needed to
reconstruct the session correctly. Nevertheless, I am wrong somewhere
obviously, because it is not working. I printed the process id of the
apache child process
for each request, and I realized that if a request is received by the
same child process as the one that performed the login, the session is
reconstructed correctly and the request is carried on as it should.
Otherwise, if a request is received by some of the other apache
processes, the application rejects the cookie and redirects to the
login screen (as if the user was not logged in).
Although it sounds a little improbable, but is it possible that Beaker
uses some of the process information (like the PID) to verify the
cookies? In such way, if the cookie was created by the child process
X, it will not be accepted by the child process Y.
Or do I have to put something in the configuration files of apache and/
or mod_wsgi to resolve this?
I feel very confused..
Petko
On Aug 28, 2:26 am, Graham Dumpleton <[EMAIL PROTECTED]>
wrote:
> You do realise that Apache is a multi process web server. If the way
> you have set session database is such that it is in memory things will
> not work. This is because each process handling requests will be
> referring to a different session database. When using Apache in multi
> process configuration something like a session database has to be in a
> shared resource accessible to all processes.
>
> Graham
>
> On Aug 28, 2:01 am, Petko <[EMAIL PROTECTED]> wrote:
>
> > Hi everybody!
>
> > To start, I am quite new to this group and to web.py in general. I
> > will be very thankful if somebody from the community can help me with
> > the problem that I have.
>
> > Basically, I am writing a web application that uses version 0.23
> > together with encrypted cookie-based beaker sessions (version 0.9.4).
> > The web application performs an authentication step
> > with a small login screen and saves the user info in the session
> > cookie. Furthermore,
> > all GET and POST methods in my controller classes are decorated with a
> > decorator that
> > looks in the session to check if the user is logged in. If not, then
> > it redirects to the login page.
> > Otherwise, it proceeds with the request. As far as I know, this is a
> > standard way for doing access control in web.py. So far, so good.
>
> > When I tested the application with the web.py's own web server
> > (CherryPy/3.0.1), everything
> > worked just fine. Then, I deployed it on Apache/2.2.8 (Ubuntu) with
> > mod_wsgi and without
> > any mod_rewrite rules and I encountered a very weird problem. After I
> > log in, the application sets
> > correctly the cookie in the browser that stores the user information,
> > but on any subsequent
> > XmlHttpRequest's (GET or POST) and sometimes when I reload the main
> > page the beaker
> > module does not like the cookie that is sent back to the web server.
> > It just creates
> > a new empty session, when I invoke session =
> > web.ctx.environ['beaker.session'] in my code (which
> > is essentially equal to a logout) and redirects me to the login
> > screen.
>
> > Here is a dump of the HTTP header of a request that is sent to the
> > server, where the problem occurs (the dump was made in the web.py
> > application by printing out web.ctx.environ):
>
> > ctx.environ: {'mod_wsgi.reload_mechanism': '0',
> > 'mod_wsgi.listener_port': '80', 'HTTP_REFERER': 'http://test/
> > application.py/login', 'mod_wsgi.listener_host': '',
> > 'beaker.get_session': <bound method SessionMiddleware._get_session of
> > <beaker.middleware.SessionMiddleware object at 0x12eb690>>,
> > 'SERVER_SOFTWARE': 'Apache/2.2.8 (Ubuntu) mod_python/3.3.1 Python/
> > 2.5.2 mod_wsgi/1.3', 'SCRIPT_NAME': '/application.py',
> > 'SERVER_SIGNATURE': '<address>Apache/2.2.8 (Ubuntu) mod_python/3.3.1
> > Python/2.5.2 mod_wsgi/1.3 Server at test Port 80</address>\n',
> > 'REQUEST_METHOD': 'GET', 'HTTP_KEEP_ALIVE': '300', 'SERVER_PROTOCOL':
> > 'HTTP/1.1', 'QUERY_STRING': 'type=topic&id=all&_=1219850978947',
> > 'PATH': '/usr/local/bin:/usr/bin:/bin', 'HTTP_ACCEPT_CHARSET':
> > 'ISO-8859-1,utf-8;q=0.7,*;q=0.7', 'HTTP_USER_AGENT': 'Mozilla/5.0
> > (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.1) Gecko/2008070208
> > Firefox/3.0.1', 'HTTP_CONNECTION': 'keep-alive', 'HTTP_COOKIE':
> > 'sid=2d7e109489665220b0342dd4fc7881ee40d277eaaa5c64af17f6cd7e018d216202a756
> > 46',
> > 'SERVER_NAME': 'test', 'REMOTE_ADDR': '87.121.16.27',
> > 'wsgi.url_scheme': 'http', 'mod_wsgi.output_buffering': '0',
> > 'PATH_TRANSLATED': '/home/app/trunk/FeedFront/get_content',
> > 'SERVER_PORT': '80', 'wsgi.multiprocess': True, 'SERVER_ADDR':
> > '209.20.83.113', 'DOCUMENT_ROOT': '/home/app/trunk/FeedFront',
> > 'mod_wsgi.process_group': '', 'HTTP_X_REQUESTED_WITH':
> > 'XMLHttpRequest', 'SCRIPT_FILENAME': '/home/app/trunk/FeedFront/
> > application.py', 'SERVER_ADMIN': '[EMAIL PROTECTED]', 'wsgi.input':
> > <mod_wsgi.Input object at 0x1f8e7b0>, 'HTTP_HOST': 'test',
> > 'beaker.session': {'_accessed_time': 1219851139.6110289,
> > '_creation_time': 1219850922.7892039}, 'wsgi.multithread': False,
> > 'mod_wsgi.callable_object': 'application', 'REQUEST_URI': '/
> > application.py/get_content?type=topic&id=all&_=1219850978947',
> > 'HTTP_ACCEPT': '*/*', 'wsgi.version': (1, 0), 'GATEWAY_INTERFACE':
> > 'CGI/1.1', 'mod_wsgi.case_sensitivity': '1', 'wsgi.errors':
> > <mod_wsgi.Log object at 0x1fcd150>, 'REMOTE_PORT': '4683',
> > 'HTTP_ACCEPT_LANGUAGE': 'en-us,en;q=0.5', 'wsgi.run_once': False,
> > 'mod_wsgi.application_group': 'test|/application.py',
> > 'mod_wsgi.script_reloading': '1', 'HTTP_ACCEPT_ENCODING':
> > 'gzip,deflate', 'PATH_INFO': '/get_content'}
>
> > The cookie is sent obviously since 'HTTP_COOKIE':
> > 'sid=2d7e109489665220b0342dd4fc7881ee40d277eaaa5c64af17f6cd7e018d216202a756
> > 46'
>
> > but here is what the beaker session contains:
> > _accessed_time=1219851139.61, _creation_time=1219850922.79
>
> > and here is what it should contain:
> > loggedin=True, _accessed_time=1219851139.61,
> > user=<app.models.User.User instance at 0x1549830>, _cr
> > eation_time=1219850888.67
>
> > I feel very confused with this problem and I don't know what
> > additional information to provide, so please
> > ask.
> > Many thanks in advance!
>
> > Petko
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"web.py" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at http://groups.google.com/group/webpy?hl=en
-~----------~----~----~----~------~----~------~--~---
