How to create a completely new cherrypy.session?

My application uses session data pretty heavily.  When
wiring the
application into a test harness I have come across some
problems when I
try to do multiple logins in sequence, which I think are
related to the
way I am deleting old session data.  

The symptom of the problem is that if the session is not
"virgin" (it's
a second submission of the login form for this session),
when the user
presents valid credentials, the authentication system
recognizes the
credentials but, upon redirection to the target page,
cherrypy.session
is completely empty and doesn't contain any of the
authentication
information.  So the user gets kicked back to the login page
again.
This is not a real problem for human users but is a pain for
automated
testing. 

Here is what I am doing that I believe is causing the
trouble:  when the
user submits the login form, I interpret this to mean that
she intends
to do a "fresh" login, discarding any preexisting
session data.  So I do
what I do at logout time: 

	cherrypy.session.delete()
	cherrypy.lib.sessions.expire()

Then, I proceed to poke a bunch of values into
cherrypy.session for the
new login, and finally I go to the destination page:

	raise cherrypy.HTTPRedirect(desturl)

My theory is that anything I do after
cherrypy.session.delete() is lost,
because when I do the redirect I am going to get a brand new
session
generated.

Is there a way for me to create a brand-new session in
cherrypy.session
and push the cookie back to the browser, so that when I
redirect all my
work on authenticating and populating the session will still
be there?
Or am I thinking about this in the wrong way?

Thanks,
Bill Gribble


--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the
Google Groups "cherrypy-users" group.
To post to this group, send email to cherrypy-usersgooglegroups.com
To unsubscribe from this group, send email to
cherrypy-users-unsubscribegooglegroups.com
For more options, visit this group at h
ttp://groups.google.com/group/cherrypy-users?hl=en
-~----------~----~----~----~------~----~------~--~---

On May 21, 10:03 am, Bill Gribble <g...billgribble.com> wrote:
> My application uses session data pretty heavily.  When
wiring the
> application into a test harness I have come across some
problems when I
> try to do multiple logins in sequence, which I think
are related to the
> way I am deleting old session data.
>
> The symptom of the problem is that if the session is
not "virgin" (it's
> a second submission of the login form for this
session), when the user
> presents valid credentials, the authentication system
recognizes the
> credentials but, upon redirection to the target page,
cherrypy.session
> is completely empty and doesn't contain any of the
authentication
> information.  So the user gets kicked back to the login
page again.
> This is not a real problem for human users but is a
pain for automated
> testing.
>
> Here is what I am doing that I believe is causing the
trouble:  when the
> user submits the login form, I interpret this to mean
that she intends
> to do a "fresh" login, discarding any
preexisting session data.  So I do
> what I do at logout time:
>
>         cherrypy.session.delete()
>         cherrypy.lib.sessions.expire()
>
> Then, I proceed to poke a bunch of values into
cherrypy.session for the
> new login, and finally I go to the destination page:
>
>         raise cherrypy.HTTPRedirect(desturl)
>
> My theory is that anything I do after
cherrypy.session.delete() is lost,
> because when I do the redirect I am going to get a
brand new session
> generated.
>
> Is there a way for me to create a brand-new session in
cherrypy.session
> and push the cookie back to the browser, so that when I
redirect all my
> work on authenticating and populating the session will
still be there?
> Or am I thinking about this in the wrong way?

Once you call session.delete(), you really shouldn't poke
values into
cherrypy.session during the same request. I would copy the
logic in
lib.sessions.init if I were you: make a new session object
and re-
create the response cookie (since it uses the session id
for
its .value).


Robert Brewer
System Architect
Amor Ministries
fumanchuamor.org


--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the
Google Groups "cherrypy-users" group.
To post to this group, send email to cherrypy-usersgooglegroups.com
To unsubscribe from this group, send email to
cherrypy-users-unsubscribegooglegroups.com
For more options, visit this group at h
ttp://groups.google.com/group/cherrypy-users?hl=en
-~----------~----~----~----~------~----~------~--~---