From the end of Ian's new doc on Application Development:
A basic framework for your SitePage might be:
from WebKit.Page import Page
    def respond(self, trans):
        if not self.session().value('username', False):
        """Override this method in your servlets to return True if the
        page should only be accessible to logged-in users -- by default
        pages are publically viewable"""
    def respondLogin(self): #@@ s/b respondLogIn
        # Here we should deal with logging in...
Obviously there are a lot of details to add in on your own which are
specific to your application and the security and user model you are
I have managed to create an application that deals with session logins
and session timeouts, but have often wondered about the proper way to
handle the process. Could you elaborate on the above a bit more?
Specifically, doesn't the method respond have to call its ancestor in
Page (HTTPServlet)? What does the method respondLogIn do if it
discovers the session has timed out or this is the request for a login
page rather than an incoming CGI login form? Why did you choose to
override the method respond rather than awake as in SecurePage.py in
the WebKit Examples?
A few lines of SecurePage have puzzled me as well, this from line 40:
# Get login id and immediately clear it from the session
loginid = session.value('loginid', None)
...and these from line 58:
# Check if they can successfully log in. The loginid must match
# what was previously
if request.field('loginid', 'nologin')==loginid and
    # Successful login.
    # Clear out the login parameters
I have never understood where session.value('loginid') is being set,
why it is being deleted if it exists, why the incoming id must match
the old value, and what is the benefit of doing request.delField(...).