Menu
▾
▴
Re: [Webware-discuss] Session Cookies Issue
|
From: Greg M. <gmc...@gm...> - 2005-04-02 03:16:08
|
Hey Ben,
Sorry I took so long to get back to you, I really do appreciate the help.=
=20
I've just been swamped with work.
Okay, yeah, I looked at your code and that would definitely seem to be what=
=20
I need to do. That you tell me this works for you makes me crazy, since thi=
s=20
is how I started out in the first place, but when this approach didn't work=
=20
for me I assumed that I was not understanding something. So now I'm back to=
=20
square one.
I don't know what it could be. I'm going to try and download the latest=20
Webware code and try to code an Auth framework from scratch, minus all of=
=20
the other code for the app that's floating around. If I can isolate just th=
e=20
framework code, maybe I can figure out what's going wrong.
Thanks for the help.
All the best,
Greg
On Mar 31, 2005 1:41 PM, Ben Parker <be...@we...> wrote:
>=20
> Ha sorry, you'll see references to "SomeParent" in that code which should=
=20
> be
> "SiteFrame". I started to convert to your Frame naming convention but
> didn't follow through. :)
>=20
> > -----Original Message-----
> > From: Ben Parker [mailto:be...@we...]
> > Sent: Thursday, March 31, 2005 1:38 PM
> > To: Greg McClure
> > Cc: Webware discussion list
> > Subject: RE: [Webware-discuss] Session Cookies Issue
> >
> >
> > > -----Original Message-----
> > > From: web...@li...
> > > [mailto:web...@li...]On Behalf Of Greg
> > > McClure
> > >
> > > ...
> > >
> > > My real problem is that I can not get my code to detect session cooki=
e
> > > deletion. I feel like I'm missing something obvious, but I'm looking
> > > for anyone to say, "Here it is. You log in this way and when you
> > > delete your cookies, voila, you're just taken right back to the login
> > > page."
> > >
> > > In addition to my system, I also tried the login example provided wit=
h
> > > WebKit, which had some nice ideas, but when I deleted the session
> > > cookie in Firefox I got a worse error than the error I had been
> > > getting ...
> > >
> > > Waving my hands wildly in rough seas,
> > > Greg
> > >
> >
> > Hi Greg, I'm new to this thread, let me see if I can shed some light.
> >
> > It looks like you are checking for existence of a Session when
> > really you want to be checking for existence of some property
> > within the Session object. It doesn't seem like your code should
> > care if there's a Session or not, merely "is this user logged in" or=20
> not.
> >
> > This is loosely based on some code in production. Although there
> > we use a MixIn to define our own Session class, and I've
> > hand-waived how you would actually validate the user, but I think
> > you'll get the idea:
> >
> > from WebUtils.Funcs import urlEncode
> > import base64, binascii
> >
> > class AuthFrame(SiteFrame):
> > ''' Base class for all servlets requiring auth '''
> > def awake(self, transaction):
> > SomeParent.awake(self, transaction)
> > if not self.session().value('user', None):
> > self.sendRedirectAndEnd('/Login?r=3D' +
> > urlEncode(base64.encodestring(self.request().uri())))
> >
> > class Login(SiteFrame):
> > ''' This page should display a login form,
> > which POSTs to itself and invokes the "login" action
> > '''
> > def actions(self):
> > return SomeParent.actions() + ['login']
> > def login(self):
> > # process whatever form arguments you need to login ...
> > # let's assume the result is a User object to put in the
> > session ...
> > validatedUser =3D # some kind of a User object ...
> > self.session().setValue('user',validatedUser)
> > # Build the redirect URL
> > redirecturl =3D req.field('r', None)
> > if redirectUrl:
> > try:
> > redirectUrl =3D base64.decodestring(redirecturl)
> > except binascii.Error:
> > redirectUrl =3D None
> > # Make sure we don't do something silly like
> > # send the user back to the Login or Logout page
> > # if they clicked a link from the header or something
> > if not redirectUrl \
> > or redirectUrl.find('/Login') > -1 \
> > or redirectUrl.find('/Logout') > -1:
> > redirectUrl =3D '/'
> > # Send the user back where they came from
> > self.sendRedirectAndEnd(redirectUrl)
> >
> >
> > Then any page you need secured would be:
> >
> > from SomeWhere import AuthFrame
> >
> > class SomeSecureFrame(AuthFrame):
> > # define your servlet as normal ...
> > # remember to call the parent's awake() if you override awake() ...
> >
> >
> > I use base64 encoding on the redirect argument because I ran into
> > trouble with just urlEncode and rare cases of nested redirects.
> > You can probably get away without it, but I'll leave that for you.
> >
> > So there it is. You log in this way and when you delete your
> > cookies, voila, you're just taken right back to the login page. :)
> >
> > Hope that helps,
> > Ben
>=20
>
|