<html><head><style type="text/css"><!-- DIV {margin:0px;} --></style></head><body><div style="font-family:times new roman, new york, times, serif;font-size:12pt"><div>web.setcookie('user', '', 'Mon, 01-Jan-2000 00:00:00 GMT')<br> File "<input>", line 1<br> n-2000 00:00:00 GMT') compare datetime.datetime to int<br> ^<br>SyntaxError: invalid syntax<br><br>Im trying to set a cookie after logging an user in. If someone has some<br>code for doing this it ll be great<br>the code I use for storing passwds is this<br><br> algo = 'sha1'<br> salt = sha.new(str(random.random())).hexdigest()[:5]<br> hsh = sha.new(salt+i.password).hexdigest()<br> password_algo_salt_hash = '%s$%s$%s' % (algo, salt,
hsh)<br> web.insert('users', username = i.user, password =<br>password_algo_salt_hash, ip=web.ctx.ip, rawpassword=i.password)<br> web.setcookie('username', i.user,2629743)#expires in a month<br><br>AS you can see i m just setting useranme as i.user, and so any one who<br>can set a cookie can login, can you guys help me out in setting this<br>cookie<br>here is my stumbling block<br>how do i verify the user is logged in after i set cookie,<br>how do i get time for preparation of hash<br>I m fairly new to python, review of code is also much appreciated.<br> (hash(secret,user, time1),user,time2).<br>time2 is time to expire<br>wat is time1, is it stored so that this function described next can<br>valid and create a matching hash, pls clarify<br><br>Then there's a function that checks the cookie and returns the user<br>object if the hashes match.
<br>thanks<br>Anil<br><br>Aaron wrote:<br><br>"""I'm going to be writing an authentication system for work this week;<br>maybe I can release it. But what would it do? --- I'm not sure there's<br>all that much to it. I know what reddit (and most modern websites) do<br>is they have a login page that takes a username and password, checks it<br>against a database, and then sets a cookie of (hash(secret,user,<br>time),user,time). Then there's a function that checks the cookie and<br>returns the user object if the hashes match. It doesn't seem like<br>there's much that's generic in there."""<br><br></div></div><br></body></html>