[Web-SIG] How to make REMOTE_USER variable private across WSGI middlewares?

Randy Syring randy at thesyrings.us
Tue Oct 11 19:44:56 EDT 2016

I think this is not the best mailing list to ask a question like this.  
You are probably better served to ask on Stack Overflow or some other 
place with more activity.

For what it's worth, I also think you might misunderstand how WSGI 
works.  I believe the environment object is supposed to exist in a 
request context.  I'm assuming you only need one user per request, so 
simply filling in the value of REMOTE_USER seems to me like it should 
work.  However, I haven't looked at your code or thought long about the 
problem, it's just an off-handed observation based on your description 

*Randy Syring*
Husband | Father | Redeemed Sinner

/"For what does it profit a man to gain the whole world
and forfeit his soul?" (Mark 8:36 ESV)/

On 10/11/2016 06:47 PM, Etienne Robillard wrote:
> Here's the source code: 
> https://bitbucket.org/tkadm30/django-hotsauce/src/6a862e22e045cb10a84f3b08e4c237ed592ecec7/lib/notmm/controllers/wsgi.pyx
> A live demo is here: http://www.isotopesoftware.ca/
> The problem is in the init_request method.
> The current implementation uses threading.local.
> I have no idea how to make the WSGI environ object a thread-local in 
> case the remote user has been logged in.
> Any input would be greatly appreciated.
> Regards,
> Etienne
> Le 2016-10-10 à 10:30, Etienne Robillard a écrit :
>> Hi,
>> I'm attempting to develop a OAuth 2.0 authentication middleware which 
>> sets REMOTE_USER variable into the WSGI environ object, however I'm 
>> unable to make this variable unique for the logged user.
>> Is it recommended to use threading.local or gevent to make the WSGI 
>> environment persisting on a per-request basis ?
>> What others options can you advise to make private request data not 
>> accessible in WSGI ?
>> Thanks in advance,
>> Etienne

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/web-sig/attachments/20161011/62fe8c91/attachment.html>

More information about the Web-SIG mailing list