Re: Login-based session

Christian Wyglendowski wrote:
> On 5/2/07, Tim Golden <tjgoldengmail.com> wrote:
> > So as not to reinvent the wheel, I'd like to be
able to key 
> > a cherrypy session against the logged-in user
(which, since
> > I'm using mod_auth_sspi under Windows I'm going to
assume
> > will always be present). This means, AFAICT, *not*
using a
> > cookie-based Session object, but rather one which
picks up
> > its id from the cherrypy.request.login. I've
looked through
> > the wiki/groups but I can't see a simple recipe
which seems
> > to match my needs.
> 
> The current session implementation for CherryPy is
cookie based, and
> there are no examples of other session keying methods
AFAIK.
> 
> I think basically what you will need to do is create
new callables
> similar to cherrypy.lib.sessions.init and
cherrypy.lib.sessions.expire
> that deal with request.login instead of the cookie
value.  You will
> also need to make a new Tool that hooks up those
methods at the
> correct places in the request processing pipeline. 
Have a look at the
> current SessionTool in cherrypy/_cptools.py for ideas
on how to do
> that.  Once you have custom init and expire functions,
you will
> probably be able to just subclass the SessionTool and
override a few
> methods, but I can't say for sure.
> 
> If you come up with something for this, I would say
definitely post it
> to the public wiki (tools.cherrypy.org).  Sounds like a
great tool.

Yeah, but if you're doing strong auth do you really need
sessions?


Robert Brewer
System Architect
Amor Ministries
fumanchuamor.org

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the
Google Groups "cherrypy-users" group.
To post to this group, send email to cherrypy-usersgooglegroups.com
To unsubscribe from this group, send email to
cherrypy-users-unsubscribegooglegroups.com
For more options, visit this group at h
ttp://groups.google.com/group/cherrypy-users?hl=en
-~----------~----~----~----~------~----~------~--~---

>> On 5/2/07, Tim Golden <tjgoldengmail.com> wrote:
>>> So as not to reinvent the wheel, I'd like to be
able to key 
>>> a cherrypy session against the logged-in user
(which, since
>>> I'm using mod_auth_sspi under Windows I'm going
to assume
>>> will always be present). This means, AFAICT,
*not* using a
>>> cookie-based Session object, but rather one
which picks up
>>> its id from the cherrypy.request.login. I've
looked through
>>> the wiki/groups but I can't see a simple recipe
which seems
>>> to match my needs.

[Robert Brewer]
> Yeah, but if you're doing strong auth do you really
need sessions?

Not sure I follow that. I want, in essence, to track a
user's
preferences no matter which machine they're logged on to
(and
hence independently of cookies). I assume that sessions are
the
way to do that - where session means "take some id and
give me
some info relating to it" - and user's passed-through
username
seems a sensible id. Maybe we're just using
"session" in
different senses?

TJG


--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the
Google Groups "cherrypy-users" group.
To post to this group, send email to cherrypy-usersgooglegroups.com
To unsubscribe from this group, send email to
cherrypy-users-unsubscribegooglegroups.com
For more options, visit this group at h
ttp://groups.google.com/group/cherrypy-users?hl=en
-~----------~----~----~----~------~----~------~--~---