Working on a log in script to my webpage

Steve Holden steve at holdenweb.com
Wed Mar 9 05:09:19 CET 2005


Pete..... wrote:
> The 2 scripts I made is actually working the way they where meant to. So im 
> kindda happy :)
> 
> The problem is, that I didnt think about the problem: as Steve wrote:
>  "There are other matters of concern, however, the most pressing of which 
> is: How am I going to stop user from navigating directly to page1?"
> Maybee I can find some premade feature, that prevents users to go to page1 
> without logging in. Any ideas as to where I can find some information about 
> this.
> 
> Nice that you all take time to help a newbie, so thanks to the helpfull 
> people :)
> 
May the spirit of Python be with you. That's mostly the way people like 
to behave around these parts.

Essentially the problem is that in order to avoid open access to the 
site, every page access must somehow cause the web server or the 
application code to verify that the user has already authenticated.

This is usually done by

a) having the server issue a unique cookie for each browser session, so 
it can determine which user is associated with each request, and

b) maintaining a state for each session, which records (probably among 
other things) whether or not the user is currently logged in.

PHP has one easy-to-use mechanism for this whereas Python appears to 
have about thirty-five different ways to achieve it, of varying degrees 
of difficulty. The trickiest thing is that unless the server/application 
framework takes care of it for you (as happens, for example, with 
Webware) then each page has to be generated dynamically, and must 
include code to verify the user's authenticity.

If you are determined to stick with Python then try Googling for "Python 
web session state". That will give you a better appreciation of the 
problem, and point up a few possible solutions.

regards
  Steve




More information about the Python-list mailing list