There are problems with setting cookies and doing redirects in the
same response. I don't remember quite what the solution was. Anyway,
if you haven't started a session and you are immediately given a
redirect, then the session won't get started (since the session id
cookies won't get sent). If this is the first message received, then
you probably haven't started a session for the person.
A quick/dirty way to fix this (if it really is this cookie problem)
might be to have the login page force a session start. I think simply
calling self.session() will start a session.
David Casti <david@...> wrote:
> I'm trying to use res.sendRedirect to manage an authentication process. I
> have it mostly working, but there is one unexpected behavior.
> Every web page has a banner which includes some PSP code:
> if self.session().hasValue('message'):
> message = self.session().value('message')
> string1 = "[misc html deleted]"
> string2 = "[misc html deleted]"
> res.write(string1 + message + string2)
> This works great for passing around little messages like "Authentication
> failed" or "Welcome, user foo".
> Now I'm in the part of the process where every web page runs a quick check
> before displaying itself, to make sure that you are authorized to view
> it. That code looks like this:
> # bounce to login screen if no auth info...
> if not self.session().hasValue('auth'):
> message = "Expired or missing credentials... please log in again"
> self.session().setValue('message', message)
> This code occurs many lines before the banner code, shown above.
> Now, my question: Exactly when does the res.sendRedirect fire? When the
> interpret reaches it? When the entire page is processed? ???
> The reason for my question is that, currently, my message "Expired or
> missing credentials... please log in again" is never displayed on
> index.htm. If the res.sendRedirect fired immediately, it would
> be. However, for some reason the page continues executing and gets to
> self.session().delValue('message') before the redirect actually
> occurs. The result is that when index.htm starts,
> self.session().hasValue('message') is empty.
> If I remove self.session().delValue('message'), then the message "Expired
> or missing credentials... please log in again" is displayed correctly. Of
> course this has other problems. :) Namely, "Expired or missing
> credentials... please log in again" continues to display on every page
> until some other PSP code comes along to change
> Am I going about this the wrong way?
> Webware-discuss mailing list