cgi - secure sessions

Fuzzyman fuzzyman at gmail.com
Thu Feb 2 04:08:52 EST 2006


GazaM wrote:
> Wow, those were some seriously quick replies, thanks. I understand that
> cookies are the best way to do things, but I didn't explain my problem
> well, sorry.
>
> Basically, I have a blog in the works and I want to have an online
> interface for posting. What I have is a cgi script run through a server
> side include line in the html, which looks for the session cookie, if
> it is present will say 'logged in as "user"' and if the cookie isn't
> there will display a login form. Now, the big showstopper here is that,
> because session cookies are stored in http headers sent by the client
> (afaik) the cgi script can't get any, because the http headers are
> passed onto the html file and any cgi scripts inside don't get
> anything... is there a workaround possible? I need to use an include
> line instead of pointing to the script and making it output full html
> as there are various other scripts run in the html as well, plus I am
> hoping to use the cookie-detection script in other ways than just the
> home page...
>

logintools is a Python CGI framework for logins and account management.
You could also 'overload' the account management to provide session
management if you want. (You'd have to be careful if the user could
potentially run more than one session simultaneously - maybe I can
build support into logintools for this).

It includes functions to *tell* if a user is logged in, and can also
automatically divert the user to a login page if you want.

It uses HTML templates so you can customise the appearance of the pages
it generates. It will handle sign-ups (you can allow new sign-ups or
not), user account management, and administrative account management.

You can also choose whether to use session cookies (only exist whilst
the same browser window is open - after that the user must login), or
set a length of time the cookie is valid for.

    http://www.voidspace.org.uk/python/logintools.html

I'm happy to provide support via the Pythonutils mailing list :

    http://groups.google.com/group/pythonutils

The best place to start might be an example application, like protected
page :

    http://www.voidspace.org.uk/python/cgi.shtml

This doesn't use the features to tell you if the user is logged in (it
just prevents access to the application if the user isn't logged in -
and presents them with a login page). It's a good place to start
though.

All the best,

Fuzzyman
http://www.voidspace.org.uk/python/index.shtml

> Again, any help is appreciated.
> 
> GazaM
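
The two cookie lifetimes mentioned in the reply above (a browser-session cookie versus one valid for a set time), together with an "is the user logged in" check, as an added example that is not part of the original post and is not logintools code. The cookie name, the secret and the 12-hour server-side cap are assumptions made for the illustration.

```python
import hashlib
import hmac
import time
from http.cookies import CookieError, SimpleCookie

SECRET = b"constructed-demo-secret"  # assumption: server-side key, never sent to the client
COOKIE_NAME = "login"                # hypothetical cookie name
SESSION_CAP = 12 * 3600              # assumption: server-side limit for browser-session logins

def _sign(payload):
    return hmac.new(SECRET, payload.encode(), hashlib.sha256).hexdigest()

def make_login_cookie(user, lifetime=None, now=None):
    """lifetime=None: session cookie (no Max-Age); else lifetime in seconds."""
    if not user or "|" in user:
        raise ValueError("user name must be non-empty and must not contain '|'")
    now = int(time.time()) if now is None else now
    expires = now + (SESSION_CAP if lifetime is None else lifetime)
    payload = "%s|%d" % (user, expires)
    cookie = SimpleCookie()
    cookie[COOKIE_NAME] = payload + "|" + _sign(payload)
    morsel = cookie[COOKIE_NAME]
    morsel["path"] = "/"
    morsel["httponly"] = True   # not readable from page scripts
    morsel["secure"] = True     # only sent over HTTPS
    if lifetime is not None:
        morsel["max-age"] = lifetime
    return cookie.output()

def logged_in_user(cookie_header, now=None):
    """Return the user name if the Cookie header (HTTP_COOKIE in a CGI
    script) carries a valid, unexpired login cookie, else None."""
    now = int(time.time()) if now is None else now
    jar = SimpleCookie()
    try:
        jar.load(cookie_header or "")
    except CookieError:
        return None
    if COOKIE_NAME not in jar:
        return None
    user, _, rest = jar[COOKIE_NAME].value.partition("|")
    expires, _, sig = rest.partition("|")
    expected = _sign(user + "|" + expires)
    # Verify the signature in constant time before trusting any field.
    if not hmac.compare_digest(sig.encode(), expected.encode()):
        return None
    if not expires.isdigit() or int(expires) < now:
        return None
    return user
```

The expiry time is inside the signed value, so the server enforces it even if the browser keeps sending the cookie after Max-Age has passed.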



