Ha sorry, you'll see references to "SomeParent" in that code which should be "SiteFrame". I started to convert to your Frame naming convention but didn't follow through. :)
> -----Original Message-----
> From: Ben Parker [mailto:[EMAIL PROTECTED]
> Sent: Thursday, March 31, 2005 1:38 PM
> To: Greg McClure
> Cc: Webware discussion list
> Subject: RE: [Webware-discuss] Session Cookies Issue
>
> > -----Original Message-----
> > From: [EMAIL PROTECTED]
> > [mailto:[EMAIL PROTECTED] Behalf Of Greg
> > McClure
> >
> > ...
> >
> > My real problem is that I can not get my code to detect session cookie
> > deletion. I feel like I'm missing something obvious, but I'm looking
> > for anyone to say, "Here it is. You log in this way and when you
> > delete your cookies, voila, you're just taken right back to the login
> > page."
> >
> > In addition to my system, I also tried the login example provided with
> > WebKit, which had some nice ideas, but when I deleted the session
> > cookie in Firefox I got a worse error than the error I had been
> > getting ...
> >
> > Waving my hands wildly in rough seas,
> > Greg
> >
>
> Hi Greg, I'm new to this thread, let me see if I can shed some light.
>
> It looks like you are checking for existence of a Session when
> really you want to be checking for existence of some property
> within the Session object. It doesn't seem like your code should
> care if there's a Session or not, merely "is this user logged in" or not.
>
> This is loosely based on some code in production. Although there
> we use a MixIn to define our own Session class, and I've
> hand-waved how you would actually validate the user, but I think
> you'll get the idea:
>
> from WebUtils.Funcs import urlEncode
> import base64, binascii
>
> class AuthFrame(SiteFrame):
>     ''' Base class for all servlets requiring auth '''
>     def awake(self, transaction):
>         SomeParent.awake(self, transaction)
>         if not self.session().value('user', None):
>             self.sendRedirectAndEnd('/Login?r=' +
>                 urlEncode(base64.encodestring(self.request().uri())))
>
> class Login(SiteFrame):
>     ''' This page should display a login form,
>         which POSTs to itself and invokes the "login" action
>     '''
>     def actions(self):
>         return SomeParent.actions(self) + ['login']
>     def login(self):
>         # process whatever form arguments you need to login ...
>         # let's assume the result is a User object to put in the session ...
>         validatedUser = # some kind of a User object ...
>         self.session().setValue('user', validatedUser)
>         # Build the redirect URL
>         redirectUrl = self.request().field('r', None)
>         if redirectUrl:
>             try:
>                 redirectUrl = base64.decodestring(redirectUrl)
>             except binascii.Error:
>                 redirectUrl = None
>         # Make sure we don't do something silly like
>         # send the user back to the Login or Logout page
>         # if they clicked a link from the header or something
>         if not redirectUrl \
>            or redirectUrl.find('/Login') > -1 \
>            or redirectUrl.find('/Logout') > -1:
>             redirectUrl = '/'
>         # Send the user back where they came from
>         self.sendRedirectAndEnd(redirectUrl)
>
>
> Then any page you need secured would be:
>
> from SomeWhere import AuthFrame
>
> class SomeSecureFrame(AuthFrame):
>     # define your servlet as normal ...
>     # remember to call the parent's awake() if you override awake() ...
>
>
> I use base64 encoding on the redirect argument because I ran into
> trouble with just urlEncode and rare cases of nested redirects.
> You can probably get away without it, but I'll leave that for you.
>
> So there it is. You log in this way and when you delete your
> cookies, voila, you're just taken right back to the login page. :)
>
> Hope that helps,
> Ben
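
The login code quoted above redirects to whatever the `r` argument decodes to, so the decoded value should be confirmed to be a path on the same site before it reaches `sendRedirectAndEnd`. The following is an added example, not part of the original post: it uses the Python 3 standard library rather than the Webware API of the time, and the helper names `encode_return_url` and `safe_return_url` are hypothetical.

```python
import base64
import binascii
from urllib.parse import urlsplit

# Pages the post avoids bouncing the user back to after login.
BLOCKED = ('/Login', '/Logout')


def encode_return_url(uri):
    """Encode the requested URI for the Login page's r argument."""
    return base64.urlsafe_b64encode(uri.encode('utf-8')).decode('ascii')


def safe_return_url(encoded, default='/'):
    """Decode r and return it only if it is a local path; else default."""
    if not encoded:
        return default
    try:
        url = base64.urlsafe_b64decode(encoded.encode('ascii')).decode('utf-8')
    except (binascii.Error, UnicodeError, ValueError):
        return default
    # Control characters (CR/LF included) could split the Location header.
    if any(ord(c) < 0x20 or ord(c) == 0x7f for c in url):
        return default
    # Require an absolute path. "//host" and "/\host" are read by browsers
    # as references to another host, so reject both forms.
    if not url.startswith('/') or url.startswith('//') or '\\' in url:
        return default
    parts = urlsplit(url)
    if parts.scheme or parts.netloc:
        return default
    # Same rule as the post: never return to the Login or Logout page.
    if any(name in url for name in BLOCKED):
        return default
    return url
```

In the `login` action this would replace the decode-and-check block, with the result passed to `self.sendRedirectAndEnd()`.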