Webware for Python

On Tue, 24 Oct 2000, Chris AtLee wrote:

> Is there some delay built into redirects?  What I'm trying to do is this:
> user goes to /index.py, index.py notices that user hasn't logged in, so redirects to login.py
> login.py accepts input, then redirects back to index.py.
> 
> Each redirect generates what seems to be an extra request, and it takes
> about 2 seconds to complete the redirect.  Am I doing something wrong? 

I can't speak for the webware side of things, but the redirect itself
does, in fact, generate an extra round-trip. Consider:

[tlilley@... oikos]$ telnet joinfoci.org 80
Trying 151.199.86.73...
Connected to joinfoci.org.
Escape character is '^]'.
GET / HTTP/1.0

HTTP/1.1 302 Workaround for mod_python bug
Date: Tue, 24 Oct 2000 05:25:29 GMT
Server: Apache/1.3.9 (Unix)  (Red Hat/Linux) mod_python/2.5 Python/1.5.2
Location: index.psp
Connection: close
Content-Type: text/html

      <html>
	<head>
	  <title>FOCI: Friends Of a Competitive Internet</title>
	</head>
	
	<body>
	  You should be automatically transported to <a
	  href="index.psp">the real homepage</a>.
	</body>
      </html>
Connection closed by foreign host.
[tlilley@... oikos]$ 


Note the "Location: index.psp" header. This is a redirect. Your browser
receives this, then turns around and request "/index.psp" from the same
source:

[tlilley@... oikos]$ telnet joinfoci.org 80
Trying 151.199.86.73...
Connected to joinfoci.org.
Escape character is '^]'.
GET /index.psp HTTP/1.0

HTTP/1.1 200 OK
Date: Tue, 24 Oct 2000 05:26:10 GMT
Server: Apache/1.3.9 (Unix)  (Red Hat/Linux) mod_python/2.5 Python/1.5.2
Content-type: text/html
Connection: close

<!--  -->
<!--  -->
<!-- content deleted -->

Connection closed by foreign host.
[tlilley@... oikos]$


The 2 seconds is probably CGI overhead, assuming you're running webware in
CGI mode, not using mod_python or the like.

-- 
   Joy-Loving * Tripp Lilley  *  http://stargate.eheart.sg505.net/~tlilley/
------------------------------------------------------------------------------
   "I'll die with that hammer in my hand, but I'll be laughin',
    'cause you can't replace a steel-drivin' man."

   - Johnny Cash, "The Legend of John Henry's Hammer"

I'll add a couple more things:

You can keep the redirection on the server side if updating the user's URL 
is not important to you. See Application.forwardRequest(). This will save 
you a round trip.

I also agree with Tripp that a faster adapter will give you a better turn 
around.

Also, I read somewhere that when an Apache CGI script puts out a redirect 
to a relative path, that it passes that to client browser. However, when it 
sees a redirect from a CGI script that is an absolute path, it handles that 
redirection internally without consulting the browser. I have not had time 
to investigate this to see if it's true and how it works with WebKit and 
the various adapters.

-Chuck


At 05:42 AM 10/24/00 +0000, Tripp Lilley wrote:
>On Tue, 24 Oct 2000, Chris AtLee wrote:
>
> > Is there some delay built into redirects?  What I'm trying to do is this:
> > user goes to /index.py, index.py notices that user hasn't logged in, so 
> redirects to login.py
> > login.py accepts input, then redirects back to index.py.
> >
> > Each redirect generates what seems to be an extra request, and it takes
> > about 2 seconds to complete the redirect.  Am I doing something wrong?
>
>I can't speak for the webware side of things, but the redirect itself
>does, in fact, generate an extra round-trip. Consider:
>
>[tlilley@... oikos]$ telnet joinfoci.org 80
>Trying 151.199.86.73...
>Connected to joinfoci.org.
>Escape character is '^]'.
>GET / HTTP/1.0
>
>HTTP/1.1 302 Workaround for mod_python bug
>Date: Tue, 24 Oct 2000 05:25:29 GMT
>Server: Apache/1.3.9 (Unix)  (Red Hat/Linux) mod_python/2.5 Python/1.5.2
>Location: index.psp
>Connection: close
>Content-Type: text/html
>
>       <html>
>         <head>
>           <title>FOCI: Friends Of a Competitive Internet</title>
>         </head>
>
>         <body>
>           You should be automatically transported to <a
>           href="index.psp">the real homepage</a>.
>         </body>
>       </html>
>Connection closed by foreign host.
>[tlilley@... oikos]$
>
>
>Note the "Location: index.psp" header. This is a redirect. Your browser
>receives this, then turns around and request "/index.psp" from the same
>source:
>
>[tlilley@... oikos]$ telnet joinfoci.org 80
>Trying 151.199.86.73...
>Connected to joinfoci.org.
>Escape character is '^]'.
>GET /index.psp HTTP/1.0
>
>HTTP/1.1 200 OK
>Date: Tue, 24 Oct 2000 05:26:10 GMT
>Server: Apache/1.3.9 (Unix)  (Red Hat/Linux) mod_python/2.5 Python/1.5.2
>Content-type: text/html
>Connection: close
>
><!--  -->
><!--  -->
><!-- content deleted -->
>
>Connection closed by foreign host.
>[tlilley@... oikos]$
>
>
>The 2 seconds is probably CGI overhead, assuming you're running webware in
>CGI mode, not using mod_python or the like.
>
>--
>    Joy-Loving * Tripp Lilley  *  http://stargate.eheart.sg505.net/~tlilley/
>------------------------------------------------------------------------------
>    "I'll die with that hammer in my hand, but I'll be laughin',
>     'cause you can't replace a steel-drivin' man."
>
>    - Johnny Cash, "The Legend of John Henry's Hammer"
>
>
>_______________________________________________
>Webware-discuss mailing list
>Webware-discuss@...
>http://lists.sourceforge.net/mailman/listinfo/webware-discuss

> On Tue, 24 Oct 2000, Chris AtLee wrote:
>
> > Is there some delay built into redirects?  What I'm trying to do is this:
> > user goes to /index.py, index.py notices that user hasn't logged in, so redirects to login.py
> > login.py accepts input, then redirects back to index.py.
> >
> > Each redirect generates what seems to be an extra request, and it takes
> > about 2 seconds to complete the redirect.  Am I doing something wrong?

Another thing to consider -- it's possible to accomplish this without redirecting -- just build in
the logic for doing login into a class derived from Page, call it SecurePage.  Then all of your
other pages are derived from SecurePage instead of Page.  Your SecurePage class will have logic
something like the following:

class SecurePage(Page):
    def writeHTML(self):
        if username and password were POSTED:
            if username and password are correct:
                mark the user as logged in
                self.writePage()
            else:
                mark the user as logged out
                display an error page
        if user is logged in:
            self.writePage()  # all derived classes should define this
        else:
            self.writeLoginForm()
    def writeLoginForm(self):
        # prints out a form that allows login, and POST's
        # the username and password to self.__class__.__name__.

This is what I'm doing, and it works great.  To make it work even better, I also have code in my
writeLoginForm that generates hidden form variables for any request variables other than the login
variables:

for (key, value) in self.request().fields().items():
    if string.lower(key) not in ('username','password','login','logout'):
        self.write('<input type="hidden" name="%s" value="%s">'
                   % (key, value))

This way, your users can bookmark any url in your site, even ones with a query string attached.
For instance, if your user bookmarks a url such as:

http://localhost/WebKit.cgi/foo/bar?abc=123

Then when they access it, if they're not logged in, it will show them the login page, then once
they log in and submit their username and password, they will get the page they wanted, including
the parameter abc=123.  No redirects needed.

If this seems a bit confusing, let me know.  I might be persuaded to clean up my code and add it as
a standard WebKit example page if Chuck deems it worthy.

--


- Geoff Talvola
  Parlance Corporation
  gtalvola@...

I tried the application.forwardRequest(), but it wasn't working for me
because it also forwarded the actions, which the receiving page didn't
support.  Is there a way to clear out the data from a form submission before
forwarding the request to another page?

Chris

On Tue, Oct 24, 2000 at 09:19:57AM -0400, Chuck Esterbrook wrote:
> I'll add a couple more things:
> 
> You can keep the redirection on the server side if updating the user's URL 
> is not important to you. See Application.forwardRequest(). This will save 
> you a round trip.
> 
> I also agree with Tripp that a faster adapter will give you a better turn 
> around.
> 
> Also, I read somewhere that when an Apache CGI script puts out a redirect 
> to a relative path, that it passes that to client browser. However, when it 
> sees a redirect from a CGI script that is an absolute path, it handles that 
> redirection internally without consulting the browser. I have not had time 
> to investigate this to see if it's true and how it works with WebKit and 
> the various adapters.
> 
> -Chuck
> 
> 
> At 05:42 AM 10/24/00 +0000, Tripp Lilley wrote:
> >On Tue, 24 Oct 2000, Chris AtLee wrote:
> >
> > > Is there some delay built into redirects?  What I'm trying to do is this:
> > > user goes to /index.py, index.py notices that user hasn't logged in, so 
> > redirects to login.py
> > > login.py accepts input, then redirects back to index.py.
> > >
> > > Each redirect generates what seems to be an extra request, and it takes
> > > about 2 seconds to complete the redirect.  Am I doing something wrong?
> >
> >I can't speak for the webware side of things, but the redirect itself
> >does, in fact, generate an extra round-trip. Consider:
> >
> >[tlilley@... oikos]$ telnet joinfoci.org 80
> >Trying 151.199.86.73...
> >Connected to joinfoci.org.
> >Escape character is '^]'.
> >GET / HTTP/1.0
> >
> >HTTP/1.1 302 Workaround for mod_python bug
> >Date: Tue, 24 Oct 2000 05:25:29 GMT
> >Server: Apache/1.3.9 (Unix)  (Red Hat/Linux) mod_python/2.5 Python/1.5.2
> >Location: index.psp
> >Connection: close
> >Content-Type: text/html
> >
> >       <html>
> >         <head>
> >           <title>FOCI: Friends Of a Competitive Internet</title>
> >         </head>
> >
> >         <body>
> >           You should be automatically transported to <a
> >           href="index.psp">the real homepage</a>.
> >         </body>
> >       </html>
> >Connection closed by foreign host.
> >[tlilley@... oikos]$
> >
> >
> >Note the "Location: index.psp" header. This is a redirect. Your browser
> >receives this, then turns around and request "/index.psp" from the same
> >source:
> >
> >[tlilley@... oikos]$ telnet joinfoci.org 80
> >Trying 151.199.86.73...
> >Connected to joinfoci.org.
> >Escape character is '^]'.
> >GET /index.psp HTTP/1.0
> >
> >HTTP/1.1 200 OK
> >Date: Tue, 24 Oct 2000 05:26:10 GMT
> >Server: Apache/1.3.9 (Unix)  (Red Hat/Linux) mod_python/2.5 Python/1.5.2
> >Content-type: text/html
> >Connection: close
> >
> ><!--  -->
> ><!--  -->
> ><!-- content deleted -->
> >
> >Connection closed by foreign host.
> >[tlilley@... oikos]$
> >
> >
> >The 2 seconds is probably CGI overhead, assuming you're running webware in
> >CGI mode, not using mod_python or the like.
> >
> >--
> >    Joy-Loving * Tripp Lilley  *  http://stargate.eheart.sg505.net/~tlilley/
> >------------------------------------------------------------------------------
> >    "I'll die with that hammer in my hand, but I'll be laughin',
> >     'cause you can't replace a steel-drivin' man."
> >
> >    - Johnny Cash, "The Legend of John Henry's Hammer"
> >
> >
> >_______________________________________________
> >Webware-discuss mailing list
> >Webware-discuss@...
> >http://lists.sourceforge.net/mailman/listinfo/webware-discuss
> 
> _______________________________________________
> Webware-discuss mailing list
> Webware-discuss@...
> http://lists.sourceforge.net/mailman/listinfo/webware-discuss

Hmm...Interesting idea.  I was making an AuthPage class, but that just
forwarded to a Login class...Your idea of combining the two sounds promising,
and that method of keeping the query string in hidden variables is very
clever :)

Thanks,

Chris

On Tue, Oct 24, 2000 at 10:19:10AM -0400, Geoff Talvola wrote:
> > On Tue, 24 Oct 2000, Chris AtLee wrote:
> >
> > > Is there some delay built into redirects?  What I'm trying to do is this:
> > > user goes to /index.py, index.py notices that user hasn't logged in, so redirects to login.py
> > > login.py accepts input, then redirects back to index.py.
> > >
> > > Each redirect generates what seems to be an extra request, and it takes
> > > about 2 seconds to complete the redirect.  Am I doing something wrong?
> 
> Another thing to consider -- it's possible to accomplish this without redirecting -- just build in
> the logic for doing login into a class derived from Page, call it SecurePage.  Then all of your
> other pages are derived from SecurePage instead of Page.  Your SecurePage class will have logic
> something like the following:
> 
> class SecurePage(Page):
>     def writeHTML(self):
>         if username and password were POSTED:
>             if username and password are correct:
>                 mark the user as logged in
>                 self.writePage()
>             else:
>                 mark the user as logged out
>                 display an error page
>         if user is logged in:
>             self.writePage()  # all derived classes should define this
>         else:
>             self.writeLoginForm()
>     def writeLoginForm(self):
>         # prints out a form that allows login, and POST's
>         # the username and password to self.__class__.__name__.
> 
> This is what I'm doing, and it works great.  To make it work even better, I also have code in my
> writeLoginForm that generates hidden form variables for any request variables other than the login
> variables:
> 
> for (key, value) in self.request().fields().items():
>     if string.lower(key) not in ('username','password','login','logout'):
>         self.write('<input type="hidden" name="%s" value="%s">'
>                    % (key, value))
> 
> This way, your users can bookmark any url in your site, even ones with a query string attached.
> For instance, if your user bookmarks a url such as:
> 
> http://localhost/WebKit.cgi/foo/bar?abc=123
> 
> Then when they access it, if they're not logged in, it will show them the login page, then once
> they log in and submit their username and password, they will get the page they wanted, including
> the parameter abc=123.  No redirects needed.
> 
> If this seems a bit confusing, let me know.  I might be persuaded to clean up my code and add it as
> a standard WebKit example page if Chuck deems it worthy.
> 
> --
> 
> 
> - Geoff Talvola
>   Parlance Corporation
>   gtalvola@...

This is very worthy and I'd very much like to see it in WebKit either as an 
example or in the framework directly.

Also, the hidden field thing can probably become a utility method of 
HTTPRequest.

-Chuck


At 10:19 AM 10/24/00 -0400, Geoff Talvola wrote:
> > On Tue, 24 Oct 2000, Chris AtLee wrote:
> >
> > > Is there some delay built into redirects?  What I'm trying to do is this:
> > > user goes to /index.py, index.py notices that user hasn't logged in, 
> so redirects to login.py
> > > login.py accepts input, then redirects back to index.py.
> > >
> > > Each redirect generates what seems to be an extra request, and it takes
> > > about 2 seconds to complete the redirect.  Am I doing something wrong?
>
>Another thing to consider -- it's possible to accomplish this without 
>redirecting -- just build in
>the logic for doing login into a class derived from Page, call it 
>SecurePage.  Then all of your
>other pages are derived from SecurePage instead of Page.  Your SecurePage 
>class will have logic
>something like the following:
>
>class SecurePage(Page):
>     def writeHTML(self):
>         if username and password were POSTED:
>             if username and password are correct:
>                 mark the user as logged in
>                 self.writePage()
>             else:
>                 mark the user as logged out
>                 display an error page
>         if user is logged in:
>             self.writePage()  # all derived classes should define this
>         else:
>             self.writeLoginForm()
>     def writeLoginForm(self):
>         # prints out a form that allows login, and POST's
>         # the username and password to self.__class__.__name__.
>
>This is what I'm doing, and it works great.  To make it work even better, 
>I also have code in my
>writeLoginForm that generates hidden form variables for any request 
>variables other than the login
>variables:
>
>for (key, value) in self.request().fields().items():
>     if string.lower(key) not in ('username','password','login','logout'):
>         self.write('<input type="hidden" name="%s" value="%s">'
>                    % (key, value))
>
>This way, your users can bookmark any url in your site, even ones with a 
>query string attached.
>For instance, if your user bookmarks a url such as:
>
>http://localhost/WebKit.cgi/foo/bar?abc=123
>
>Then when they access it, if they're not logged in, it will show them the 
>login page, then once
>they log in and submit their username and password, they will get the page 
>they wanted, including
>the parameter abc=123.  No redirects needed.
>
>If this seems a bit confusing, let me know.  I might be persuaded to clean 
>up my code and add it as
>a standard WebKit example page if Chuck deems it worthy.
>
>--
>
>
>- Geoff Talvola
>   Parlance Corporation
>   gtalvola@...
>
>_______________________________________________
>Webware-discuss mailing list
>Webware-discuss@...
>http://lists.sourceforge.net/mailman/listinfo/webware-discuss

Chuck Esterbrook wrote:

> This is very worthy and I'd very much like to see it in WebKit either as an
> example or in the framework directly.

OK, I'll think if this can be made generic enough to include in the framework, but
I think it may involve so many differences between one usage and another that it
would be better as an example.

> Also, the hidden field thing can probably become a utility method of
> HTTPRequest.

Sounds good.

--


- Geoff Talvola
  Parlance Corporation
  gtalvola@...

There's no clean way that I know of. The hacky way would be to modify the 
request's dictionary of fields, which is kind of a no-no, because it wasn't 
designed with this in mind. I *think* you could do stuff like:

         fields = self.request().fields()
         fields['_action_'] = None

But I can't guarantee that this currently works or will continue to.

I think going with Geoff's SecurePage idea is the best thing that I have 
heard to date.

Perhaps we'll have to address Request modification in the future...

-Chuck


At 10:23 AM 10/24/00 -0400, catlee@... wrote:
>I tried the application.forwardRequest(), but it wasn't working for me
>because it also forwarded the actions, which the receiving page didn't
>support.  Is there a way to clear out the data from a form submission before
>forwarding the request to another page?
>
>Chris
>
>On Tue, Oct 24, 2000 at 09:19:57AM -0400, Chuck Esterbrook wrote:
> > I'll add a couple more things:
> >
> > You can keep the redirection on the server side if updating the user's URL
> > is not important to you. See Application.forwardRequest(). This will save
> > you a round trip.
> >
> > I also agree with Tripp that a faster adapter will give you a better turn
> > around.
> >
> > Also, I read somewhere that when an Apache CGI script puts out a redirect
> > to a relative path, that it passes that to client browser. However, 
> when it
> > sees a redirect from a CGI script that is an absolute path, it handles 
> that
> > redirection internally without consulting the browser. I have not had time
> > to investigate this to see if it's true and how it works with WebKit and
> > the various adapters.
> >
> > -Chuck
> >
> >
> > At 05:42 AM 10/24/00 +0000, Tripp Lilley wrote:
> > >On Tue, 24 Oct 2000, Chris AtLee wrote:
> > >
> > > > Is there some delay built into redirects?  What I'm trying to do is 
> this:
> > > > user goes to /index.py, index.py notices that user hasn't logged 
> in, so
> > > redirects to login.py
> > > > login.py accepts input, then redirects back to index.py.
> > > >
> > > > Each redirect generates what seems to be an extra request, and it takes
> > > > about 2 seconds to complete the redirect.  Am I doing something wrong?
> > >
> > >I can't speak for the webware side of things, but the redirect itself
> > >does, in fact, generate an extra round-trip. Consider:
> > >
> > >[tlilley@... oikos]$ telnet joinfoci.org 80
> > >Trying 151.199.86.73...
> > >Connected to joinfoci.org.
> > >Escape character is '^]'.
> > >GET / HTTP/1.0
> > >
> > >HTTP/1.1 302 Workaround for mod_python bug
> > >Date: Tue, 24 Oct 2000 05:25:29 GMT
> > >Server: Apache/1.3.9 (Unix)  (Red Hat/Linux) mod_python/2.5 Python/1.5.2
> > >Location: index.psp
> > >Connection: close
> > >Content-Type: text/html
> > >
> > >       <html>
> > >         <head>
> > >           <title>FOCI: Friends Of a Competitive Internet</title>
> > >         </head>
> > >
> > >         <body>
> > >           You should be automatically transported to <a
> > >           href="index.psp">the real homepage</a>.
> > >         </body>
> > >       </html>
> > >Connection closed by foreign host.
> > >[tlilley@... oikos]$
> > >
> > >
> > >Note the "Location: index.psp" header. This is a redirect. Your browser
> > >receives this, then turns around and request "/index.psp" from the same
> > >source:
> > >
> > >[tlilley@... oikos]$ telnet joinfoci.org 80
> > >Trying 151.199.86.73...
> > >Connected to joinfoci.org.
> > >Escape character is '^]'.
> > >GET /index.psp HTTP/1.0
> > >
> > >HTTP/1.1 200 OK
> > >Date: Tue, 24 Oct 2000 05:26:10 GMT
> > >Server: Apache/1.3.9 (Unix)  (Red Hat/Linux) mod_python/2.5 Python/1.5.2
> > >Content-type: text/html
> > >Connection: close
> > >
> > ><!--  -->
> > ><!--  -->
> > ><!-- content deleted -->
> > >
> > >Connection closed by foreign host.
> > >[tlilley@... oikos]$
> > >
> > >
> > >The 2 seconds is probably CGI overhead, assuming you're running webware in
> > >CGI mode, not using mod_python or the like.
> > >
> > >--
> > >    Joy-Loving * Tripp 
> Lilley  *  http://stargate.eheart.sg505.net/~tlilley/
> > >----------------------------------------------------------------------- 
> -------
> > >    "I'll die with that hammer in my hand, but I'll be laughin',
> > >     'cause you can't replace a steel-drivin' man."
> > >
> > >    - Johnny Cash, "The Legend of John Henry's Hammer"
> > >
> > >
> > >_______________________________________________
> > >Webware-discuss mailing list
> > >Webware-discuss@...
> > >http://lists.sourceforge.net/mailman/listinfo/webware-discuss
> >
> > _______________________________________________
> > Webware-discuss mailing list
> > Webware-discuss@...
> > http://lists.sourceforge.net/mailman/listinfo/webware-discuss
>_______________________________________________
>Webware-discuss mailing list
>Webware-discuss@...
>http://lists.sourceforge.net/mailman/listinfo/webware-discuss