[Web-SIG] How to make REMOTE_USER variable private across WSGI middlewares?

Etienne Robillard tkadm30 at yandex.com
Tue Oct 11 18:47:32 EDT 2016

Here's the source code: 

A live demo is here: http://www.isotopesoftware.ca/

The problem is in the init_request method.

The current implementation uses threading.local.

I have no idea how to make the WSGI environ object a thread-local in 
case the remote user has been logged in.

Any input would be greatly appreciated.



Le 2016-10-10 à 10:30, Etienne Robillard a écrit :
> Hi,
> I'm attempting to develop a OAuth 2.0 authentication middleware which 
> sets REMOTE_USER variable into the WSGI environ object, however I'm 
> unable to make this variable unique for the logged user.
> Is it recommended to use threading.local or gevent to make the WSGI 
> environment persisting on a per-request basis ?
> What others options can you advise to make private request data not 
> accessible in WSGI ?
> Thanks in advance,
> Etienne

Etienne Robillard
tkadm30 at yandex.com

More information about the Web-SIG mailing list