Multiple XML-RPC calls over the same connection?

Roger Binns rogerb at rogerbinns.com
Fri Oct 29 17:59:36 CEST 2004


Diez B. Roggisch wrote:
> a way to have some
> server-side "cookie" that identifies an incoming call as
> authenticated. That's not possible.

The standard pattern for doing that is having an xmlrpc call
that you supply username/password/other credentials to.  It
then responds with a pair of tokens.  You then use them as
part of the URL where usernames and passwords are usually
used.  For example:

   sp=xmlrpclib.ServerProxy("http://foo.example.com")
   c1,c2=sp.login("username", "password", "etc")

   sp=xmlrpclib.ServerProxy("http://%s:%s@foo.example.com" % (c1,c2))
   sp.DoSomething(1,2)
   sp.DoSomethingElse(3,4)

This will work fine with the current client side xmlrpclib.  If
you server side is written in Python then you will need to make
a derived request handler that grabs and verifies the authentication
headers before calling the intended routines (except for the login
function :-)

Roger
 





More information about the Python-list mailing list