[Tutor] Help with generating session id

anil maran anilmrn at yahoo.com
Thu Oct 12 22:16:31 CEST 2006 

Hi guys
I m trying to maintain Sessions for each user, and a session-id that needs to be stored in cookie. I m unable to figure out how to generate session-id that can be stored in a cookie and sync with a session.
The problem is this 
everytime someone logs in check and see if they have session info that can be resumed or create a new session and store the session id in a cookie. Atleast this is my understanding, how do we sync up sessions + logins. Should I store the session id in a db. 
Thanks
Anil
Here is code I have worked on so far, does login with sessions no cookies yet;)


#!/usr/bin/env python
# -*- coding: utf-8 -*-
import os
import web
from flup.middleware.session import DiskSessionStore, SessionMiddleware

web.internalerror = web.debugerror

#
## URL MAPPING
#
urls = (
    '/','index',
    '/login','login',
    '/logout','logout'
)

#
## AUTHORIZATION STUFF
#
def dologin(user):
    session = web.ctx.environ['com.saddi.service.session'].session
    session['id'] = user.id
    session['username'] = user.username
    session['groups'] = user.groups
    session['loggedin'] = 1

def dologout():
    session = web.ctx.environ['com.saddi.service.session'].session
    session.invalidate()

def initsession(session):
    session['id'] = 0
    session['username'] = ''
    session['groups'] = ''
    session['loggedin'] = 0

def checkauth(session):
    if session['loggedin'] == 1: 
        return True
    return False

def checkaccess(auth=False, access=''):
    def decorator(func): 
        def proxyfunc(self, *args, **kw):
            service = web.ctx.environ['com.saddi.service.session']
            session = service.session
            if service.isSessionNew:
                initsession(session)
            if auth == True:
                if not checkauth(session):
                    return web.redirect('/login')
            if access != '':
                groups = session['groups'].split(',')
                if access not in groups: 
                    return web.redirect('/login')
            return func(self, *args, **kw)
        return proxyfunc
    return decorator

#
## PAGES
#
class index:
    @checkaccess(auth=True, access='admin')
    def GET(self):
    print web.ctx.environ
    service = web.ctx.environ['com.saddi.service.session']
    print '<br>'
    print service
    session = web.ctx.environ['com.saddi.service.session'].session
    print '<br><br> Session'
    print session
        web.render('index.html')

class login:
    @checkaccess()
    def GET(self):
        web.render('login.html')

    @checkaccess()
    def POST(self):
        user = web.storify({
        'id':1,
        'username':'mark',
        'password':'userss',
        'groups':'admin'
        })
        inp = web.input()
        if inp.username == user.username and inp.password == user.password:
            dologin(user)
            web.redirect('/')
        else:
            web.render('login.html')

class logout:
    @checkaccess()
    def GET(self):
        dologout()
        web.redirect('/')

#
## MIDDLEWARE FACTORIES
#        
def session_mw(app):
    sessionStore = DiskSessionStore(storeDir="%s/sessions/" % os.getcwd(), timeout=5)
    return SessionMiddleware(sessionStore, app) 
 
Anil



-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.python.org/pipermail/tutor/attachments/20061012/841b47b2/attachment-0001.htm

More information about the Tutor mailing list