I don't know anything about Beaker itself.
You can though avoid the problem if related to multi process nature of
Apache by using daemon mode of mod_wsgi and have your application run
in a single process. Add the following to your Apache configuration:
WSGIDaemonProcess myapp threads=15
WSGIProcessGroup myapp
This will run your application in a single process with 15 threads.
All requests will thus be handled by same process and so if it is
dependent on pid or on in memory session data, should work.
Graham
On Aug 29, 1:58 am, Petko <[EMAIL PROTECTED]> wrote:
> Hello Graham!
> Thank you very much for your suggestion! I tried several things today
> and it seems that
> it does matter which one of the apache child processes receive the
> request.
>
> I still do not understand why this should be a problem, because my
> session is kept entirely in the cookie
> that is sent back and forth to the server. Here is how I create my
> application in my main source code file:
>
> import web
> from beaker.middleware import SessionMiddleware
> ...
> urls = (
> # some url mappings...
> )
>
> def session_mw(app):
> date_now = datetime.datetime.now()
> expiration_period = datetime.datetime(date_now.year + 1,
> date_now.month%12 + 1, date_now.day, date_now.hour, date_now.minute)
> return SessionMiddleware(app, key = "sid", cookie_expires =
> expiration_period,secret='randomsecret')
>
> application = session_mw(web.wsgifunc(web.webpyfunc(urls, globals())))
> ...
>
> Basically, I set implicitly the type of the session to a cookie-only
> session. I also set the expiration period of the cookie to one month
> and the secret key for the signing. In this way, the entire session
> data is stored in the cookie and is sent to the
> browser with the response and respectively to the server with the
> request. In this situation, I think, it does not matter which one
> of the apache child processes will receive the request, because it
> should receive the cookie with all the data that is needed to
> reconstruct the session correctly. Nevertheless, I am wrong somewhere
> obviously, because it is not working. I printed the process id of the
> apache child process
> for each request, and I realized that if a request is received by the
> same child process as the one that performed the login, the session is
> reconstructed correctly and the request is carried on as it should.
> Otherwise, if a request is received by some of the other apache
> processes, the application rejects the cookie and redirects to the
> login screen (as if the user was not logged in).
>
> Although it sounds a little improbable, but is it possible that Beaker
> uses some of the process information (like the PID) to verify the
> cookies? In such way, if the cookie was created by the child process
> X, it will not be accepted by the child process Y.
>
> Or do I have to put something in the configuration files of apache and/
> or mod_wsgi to resolve this?
> I feel very confused..
>
> Petko
>
> On Aug 28, 2:26 am, Graham Dumpleton <[EMAIL PROTECTED]>
> wrote:
>
> > You do realise that Apache is a multi process web server. If the way
> > you have set session database is such that it is in memory things will
> > not work. This is because each process handling requests will be
> > referring to a different session database. When using Apache in multi
> > process configuration something like a session database has to be in a
> > shared resource accessible to all processes.
>
> > Graham
>
> > On Aug 28, 2:01 am, Petko <[EMAIL PROTECTED]> wrote:
>
> > > Hi everybody!
>
> > > To start, I am quite new to this group and to web.py in general. I
> > > will be very thankful if somebody from the community can help me with
> > > the problem that I have.
>
> > > Basically, I am writing a web application that uses version 0.23
> > > together with encrypted cookie-based beaker sessions (version 0.9.4).
> > > The web application performs an authentication step
> > > with a small login screen and saves the user info in the session
> > > cookie. Furthermore,
> > > all GET and POST methods in my controller classes are decorated with a
> > > decorator that
> > > looks in the session to check if the user is logged in. If not, then
> > > it redirects to the login page.
> > > Otherwise, it proceeds with the request. As far as I know, this is a
> > > standard way for doing access control in web.py. So far, so good.
>
> > > When I tested the application with the web.py's own web server
> > > (CherryPy/3.0.1), everything
> > > worked just fine. Then, I deployed it on Apache/2.2.8 (Ubuntu) with
> > > mod_wsgi and without
> > > any mod_rewrite rules and I encountered a very weird problem. After I
> > > log in, the application sets
> > > correctly the cookie in the browser that stores the user information,
> > > but on any subsequent
> > > XmlHttpRequest's (GET or POST) and sometimes when I reload the main
> > > page the beaker
> > > module does not like the cookie that is sent back to the web server.
> > > It just creates
> > > a new empty session, when I invoke session =
> > > web.ctx.environ['beaker.session'] in my code (which
> > > is essentially equal to a logout) and redirects me to the login
> > > screen.
>
> > > Here is a dump of the HTTP header of a request that is sent to the
> > > server, where the problem occurs (the dump was made in the web.py
> > > application by printing out web.ctx.environ):
>
> > > ctx.environ: {'mod_wsgi.reload_mechanism': '0',
> > > 'mod_wsgi.listener_port': '80', 'HTTP_REFERER': 'http://test/
> > > application.py/login', 'mod_wsgi.listener_host': '',
> > > 'beaker.get_session': <bound method SessionMiddleware._get_session of
> > > <beaker.middleware.SessionMiddleware object at 0x12eb690>>,
> > > 'SERVER_SOFTWARE': 'Apache/2.2.8 (Ubuntu) mod_python/3.3.1 Python/
> > > 2.5.2 mod_wsgi/1.3', 'SCRIPT_NAME': '/application.py',
> > > 'SERVER_SIGNATURE': '<address>Apache/2.2.8 (Ubuntu) mod_python/3.3.1
> > > Python/2.5.2 mod_wsgi/1.3 Server at test Port 80</address>\n',
> > > 'REQUEST_METHOD': 'GET', 'HTTP_KEEP_ALIVE': '300', 'SERVER_PROTOCOL':
> > > 'HTTP/1.1', 'QUERY_STRING': 'type=topic&id=all&_=1219850978947',
> > > 'PATH': '/usr/local/bin:/usr/bin:/bin', 'HTTP_ACCEPT_CHARSET':
> > > 'ISO-8859-1,utf-8;q=0.7,*;q=0.7', 'HTTP_USER_AGENT': 'Mozilla/5.0
> > > (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.1) Gecko/2008070208
> > > Firefox/3.0.1', 'HTTP_CONNECTION': 'keep-alive', 'HTTP_COOKIE':
> > > 'sid=2d7e109489665220b0342dd4fc7881ee40d277eaaa5c64af17f6cd7e018d216202a756
> > > 46',
> > > 'SERVER_NAME': 'test', 'REMOTE_ADDR': '87.121.16.27',
> > > 'wsgi.url_scheme': 'http', 'mod_wsgi.output_buffering': '0',
> > > 'PATH_TRANSLATED': '/home/app/trunk/FeedFront/get_content',
> > > 'SERVER_PORT': '80', 'wsgi.multiprocess': True, 'SERVER_ADDR':
> > > '209.20.83.113', 'DOCUMENT_ROOT': '/home/app/trunk/FeedFront',
> > > 'mod_wsgi.process_group': '', 'HTTP_X_REQUESTED_WITH':
> > > 'XMLHttpRequest', 'SCRIPT_FILENAME': '/home/app/trunk/FeedFront/
> > > application.py', 'SERVER_ADMIN': '[EMAIL PROTECTED]', 'wsgi.input':
> > > <mod_wsgi.Input object at 0x1f8e7b0>, 'HTTP_HOST': 'test',
> > > 'beaker.session': {'_accessed_time': 1219851139.6110289,
> > > '_creation_time': 1219850922.7892039}, 'wsgi.multithread': False,
> > > 'mod_wsgi.callable_object': 'application', 'REQUEST_URI': '/
> > > application.py/get_content?type=topic&id=all&_=1219850978947',
> > > 'HTTP_ACCEPT': '*/*', 'wsgi.version': (1, 0), 'GATEWAY_INTERFACE':
> > > 'CGI/1.1', 'mod_wsgi.case_sensitivity': '1', 'wsgi.errors':
> > > <mod_wsgi.Log object at 0x1fcd150>, 'REMOTE_PORT': '4683',
> > > 'HTTP_ACCEPT_LANGUAGE': 'en-us,en;q=0.5', 'wsgi.run_once': False,
> > > 'mod_wsgi.application_group': 'test|/application.py',
> > > 'mod_wsgi.script_reloading': '1', 'HTTP_ACCEPT_ENCODING':
> > > 'gzip,deflate', 'PATH_INFO': '/get_content'}
>
> > > The cookie is sent obviously since 'HTTP_COOKIE':
> > > 'sid=2d7e109489665220b0342dd4fc7881ee40d277eaaa5c64af17f6cd7e018d216202a756
> > > 46'
>
> > > but here is what the beaker session contains:
> > > _accessed_time=1219851139.61, _creation_time=1219850922.79
>
> > > and here is what it should contain:
> > > loggedin=True, _accessed_time=1219851139.61,
> > > user=<app.models.User.User instance at 0x1549830>, _cr
> > > eation_time=1219850888.67
>
> > > I feel very confused with this problem and I don't know what
> > > additional information to provide, so please
> > > ask.
> > > Many thanks in advance!
>
> > > Petko
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"web.py" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at http://groups.google.com/group/webpy?hl=en
-~----------~----~----~----~------~----~------~--~---
