Thread: SessionAuth in CP3




SessionAuth in CP3
2007-03-11 21:39:34

I'm using CP 3.0.1 and the class SessionAuth for session
authentication.  It's working but with one caveat: when one user is
logged in and another different user logs in from somewhere else,
the 2nd user essentially steals the session.

I track users with the variable 'sessid' below. When the first user
signs in, his or her login becomes the sessid.  But then, while the
first user is active, and a second user signs in, that second user's
login now becomes the sessid.  Any suggestions on how to better
allow these individuals to co-exist would be much appreciated.

(I'm *really* looking forward to the upcoming CP book and have
already pre-ordered.  I hope there's a chapter on sess auth.)

Thanks, Kevin


On pages I want to protect, I'm using:

-----
import check

_cp_config = {
    'tools.sessions.on': True,
    'tools.session_auth.on': True,
    'tools.session_auth.check_username_and_password': check.checkLoginAndPassword,
    'tools.session_auth.on_check': check.loadUserByUsername,
    'tools.session_auth.login_screen': check.loginScreen
}

-----

I then have the following file 'check.py':

-----
"""
on_check == loadUserByUsername
check_username_and_password == checkLoginAndPassword
login_screen == loginScreen
"""

import cherrypy
import cherrytemplate

def loadUserByUsername(login):
    # return the (login, password) pair for a known login, else None
    ulist=[("user1","pass1"),("user2","pass2"),("kevin","dog")]
    for u,p in ulist:
        if u==login:
            validuser = (u,p)
            return validuser
        else:
            pass

def checkLoginAndPassword(login, password):
    # module-level variable: one copy for the whole process
    global sessid
    validuser = loadUserByUsername(login)
    if validuser == None:
        return u'Wrong login or no login was entered'
    elif validuser[0] == login:
        if validuser[1] != password:
            return u"<br />Wrong password"
        sessid = cherrypy.session.get('sessid', login)

def loginScreen(from_page='..', username='', error_msg=''):
    html = cherrytemplate.renderTemplate(file='private/loginScreen.html')
    return html
-----

-- 
Kevin Coyner  GnuPG key: 1024D/8CE11941

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the
Google Groups "cherrypy-users" group.
To post to this group, send email to cherrypy-usersgooglegroups.com
To unsubscribe from this group, send email to
cherrypy-users-unsubscribegooglegroups.com
For more options, visit this group at
http://groups.google.com/group/cherrypy-users?hl=en
-~----------~----~----~----~------~----~------~--~---


Re: SessionAuth in CP3
2007-03-12 11:25:22
On Mar 11, 7:39 pm, Kevin Coyner <k...rustybear.com> wrote:
> I'm using CP 3.0.1 and the class SessionAuth for session
> authentication.  It's working but with one caveat: when one user is
> logged in and another different user logs in from somewhere else,
> the 2nd user essentially steals the session.
>
> I track users with the variable 'sessid' below. When the first user
> signs in, his or her login becomes the sessid.  But then, while the
> first user is active, and a second user signs in, that second user's
> login now becomes the sessid.  Any suggestions on how to better
> allow these individuals to co-exist would be much appreciated.
>
> On pages I want to protect, I'm using:
>
> -----
> import check
>
> _cp_config = {
>     'tools.sessions.on': True,
>     'tools.session_auth.on': True,
>     'tools.session_auth.check_username_and_password': check.checkLoginAndPassword,
>     'tools.session_auth.on_check': check.loadUserByUsername,
>     'tools.session_auth.login_screen': check.loginScreen
>
> }
>
> -----
>
> I then have the following file 'check.py':
>
> -----
> """
> on_check == loadUserByUsername
> check_username_and_password == checkLoginAndPassword
> login_screen == loginScreen
> """
>
> def loadUserByUsername(login):
>     ulist=[("user1","pass1"),("user2","pass2"),("kevin","dog")]
>     for u,p in ulist:
>         if u==login:
>             validuser = (u,p)
>             return validuser
>         else:
>             pass
>
> def checkLoginAndPassword(login, password):
>     global sessid
>     validuser = loadUserByUsername(login)
>     if validuser == None:
>         return u'Wrong login or no login was entered'
>     elif validuser[0] == login:
>         if validuser[1] != password:
>             return u"<br />Wrong password"
>         sessid = cherrypy.session.get('sessid', login)
>
> def loginScreen(from_page='..', username='', error_msg=''):
>     html = cherrytemplate.renderTemplate(file='private/loginScreen.html')
>     return html

If I understand how you're using 'sessid' correctly, then you need to
stick it into the request or session objects (which are request-
scoped) instead of a global (which is shared among all requests).

def checkLoginAndPassword(login, password):
    validuser = loadUserByUsername(login)
    if validuser == None:
        return u'Wrong login or no login was entered'
    elif validuser[0] == login:
        if validuser[1] != password:
            return u"<br />Wrong password"
        cherrypy.request.sessid = cherrypy.session.get('sessid', login)

But since you're using the login as the sessid, I'd recommend using
the preexistent cherrypy.request.login attribute:

    cherrypy.request.login = cherrypy.session.get('sessid', login)


Robert Brewer
System Architect
Amor Ministries
fumanchuamor.org
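
The difference discussed in this thread, as an added example that is not part of the original posts and is not CherryPy code: a stand-alone simulation in which one app keeps the logged-in identity in a single process-wide variable and the other keeps it in a per-session store keyed by the cookie value. The class names, the `interleave` helper and the cookie handling are assumptions made for illustration; the credentials are the sample ones from check.py.

```python
import secrets

# Constructed sample credentials, copied from the thread's check.py.
USERS = {"user1": "pass1", "user2": "pass2", "kevin": "dog"}


class GlobalStateApp:
    """Problem pattern: identity kept in one process-wide variable."""

    def __init__(self):
        self.sessid = None  # stands in for the module-level `global sessid`

    def login(self, login, password):
        if USERS.get(login) != password:
            return None, "Wrong login or password"
        self.sessid = login  # overwritten by whoever logs in last
        return secrets.token_hex(16), None

    def whoami(self, cookie):
        return self.sessid  # never consults the caller's cookie


class SessionStateApp:
    """Fixed pattern: identity stored in the caller's own session."""

    def __init__(self):
        self.sessions = {}  # cookie value -> per-session dict

    def login(self, login, password):
        if USERS.get(login) != password:
            return None, "Wrong login or password"
        cookie = secrets.token_hex(16)  # fresh session id for each login
        self.sessions[cookie] = {"login": login}
        return cookie, None

    def whoami(self, cookie):
        return self.sessions.get(cookie, {}).get("login")


def interleave(app):
    """user1 logs in, then kevin logs in elsewhere; return what each sees."""
    c1, _ = app.login("user1", "pass1")
    c2, _ = app.login("kevin", "dog")
    return app.whoami(c1), app.whoami(c2)


if __name__ == "__main__":
    print("global :", interleave(GlobalStateApp()))   # both requests see kevin
    print("session:", interleave(SessionStateApp()))  # each sees its own login
```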




Re: SessionAuth in CP3
2007-03-12 15:12:57


On Mon, Mar 12, 2007 at 09:25:22AM -0700, fumanchu wrote......

> But since you're using the login as the sessid, I'd recommend
> using the preexistent cherrypy.request.login attribute:
>
>     cherrypy.request.login = cherrypy.session.get('sessid', login)


Sweet! Works great.  Thanks!

-- 
Kevin Coyner  GnuPG key: 1024D/8CE11941
