Setting cookies in WSGIAuthUserScript
139 views
Skip to first unread message
Pontus Enmark
Nov 13, 2008, 7:53:15 AM11/13/08
to modwsgi
Hi,
I'm porting our mod_python basic auth script to a wsgi-equivalent one.
In our app we use apache's basic auth mechanism to allow users to
access the svn module
on the same server without having to re-log in.
Everything seems to work fine, except that I need to set a cookie in
check_password(), so
the user lookup doesn't have to take place in every request, since
it's fairly expensive (it's
an LDAP lookup on a remote machine).
So, basically, how do I set a cookie from within the auth script?
Thanks,
Pontus
I'm porting our mod_python basic auth script to a wsgi-equivalent one.
In our app we use apache's basic auth mechanism to allow users to
access the svn module
on the same server without having to re-log in.
Everything seems to work fine, except that I need to set a cookie in
check_password(), so
the user lookup doesn't have to take place in every request, since
it's fairly expensive (it's
an LDAP lookup on a remote machine).
So, basically, how do I set a cookie from within the auth script?
Thanks,
Pontus
gert
Nov 13, 2008, 10:52:30 AM11/13/08
to modwsgi
response('200 OK',[('Content-type', 'text/xml'),('Content-Length',
size),('Set-Cookie', sid)])
size),('Set-Cookie', sid)])
Pontus Enmark
Nov 13, 2008, 11:08:14 AM11/13/08
to mod...@googlegroups.com
The WSGIAuthUserScript isn't a wsgi application per se, it's just a python script
that implements the function check_password(environ, user, password) which returns
True/False so that wouldn't work?
Pontus
that implements the function check_password(environ, user, password) which returns
True/False so that wouldn't work?
Pontus
2008/11/13 gert <gert.c...@gmail.com>
Martin (gzlist)
Nov 13, 2008, 1:19:02 PM11/13/08
to mod...@googlegroups.com
On 13/11/2008, Pontus Enmark <pontus...@gmail.com> wrote:
>
> So, basically, how do I set a cookie from within the auth script?
>
> So, basically, how do I set a cookie from within the auth script?
I don't believe you can. Unlike mod_python this uses the Apache 2.2
authentication backend provider stuff. Even if the new interface still
lets you get at the output headers that is not exposed by mod_wsgi.
Have you thought about the problem from another angle? You seem to be
using headers as a basic cache to save processing - move the cache to
the auth script instead? If threaded, a simple dict could do.
Martin
Graham Dumpleton
Nov 13, 2008, 7:17:39 PM11/13/08
to mod...@googlegroups.com
2008/11/14 Martin (gzlist) <gzl...@googlemail.com>:
>
> On 13/11/2008, Pontus Enmark <pontus...@gmail.com> wrote:
>>
>> So, basically, how do I set a cookie from within the auth script?
>
> I don't believe you can. Unlike mod_python this uses the Apache 2.2
> authentication backend provider stuff. Even if the new interface still
> lets you get at the output headers that is not exposed by mod_wsgi.
>
> On 13/11/2008, Pontus Enmark <pontus...@gmail.com> wrote:
>>
>> So, basically, how do I set a cookie from within the auth script?
>
> I don't believe you can. Unlike mod_python this uses the Apache 2.2
> authentication backend provider stuff. Even if the new interface still
> lets you get at the output headers that is not exposed by mod_wsgi.
There is a way of doing it, but not documented and relies on some
special extensions.
Don't have time to explain right now, but will later.
> Have you thought about the problem from another angle? You seem to be
> using headers as a basic cache to save processing - move the cache to
> the auth script instead? If threaded, a simple dict could do.
I'd also perhaps suggest a lookup cache on server side may be a better
way of doing it if performance is an issue.
More later when have time and have had a think about it. Pity Apache
2.4 not out yet, as mod_session in that would likely help.
Graham
Pontus Enmark
Nov 14, 2008, 2:34:21 AM11/14/08
to mod...@googlegroups.com
>There is a way of doing it, but not documented and relies on some
> On 13/11/2008, Pontus Enmark <pontus...@gmail.com> wrote:
>>
>> So, basically, how do I set a cookie from within the auth script?
>
> I don't believe you can. Unlike mod_python this uses the Apache 2.2
> authentication backend provider stuff. Even if the new interface still
> lets you get at the output headers that is not exposed by mod_wsgi.
special extensions.
Don't have time to explain right now, but will later.
Are you referring to using the apache request_rec with ap_swig_py?
I'd also perhaps suggest a lookup cache on server side may be a better
> Have you thought about the problem from another angle? You seem to be
> using headers as a basic cache to save processing - move the cache to
> the auth script instead? If threaded, a simple dict could do.
way of doing it if performance is an issue.
Yes, I think this may be the way to go.
More later when have time and have had a think about it. Pity Apache
2.4 not out yet, as mod_session in that would likely help.
Graham
Pontus
Graham Dumpleton
Nov 14, 2008, 5:12:51 AM11/14/08
to mod...@googlegroups.com
2008/11/14 Pontus Enmark <pontus...@gmail.com>:
never sat down and worked out steps for doing that though. You could
also write a custom Python C extension module as well which takes
apache.request_rec and does what is required.
Anyway, the reason you can't do it with mod_wsgi alone at moment is because of:
http://code.google.com/p/modwsgi/issues/detail?id=69
If this was done, you could check for inbound cookie in authentication
handler. The outbound cookie would then be set in WSGI middleware
wrapper around the WSGI application itself in the WSGI script file. If
necessary, the WSGI middleware wrapper would use REMOTE_USER from
environ to identify user.
Graham
>> >
>> > On 13/11/2008, Pontus Enmark <pontus...@gmail.com> wrote:
>> >>
>> >> So, basically, how do I set a cookie from within the auth script?
>> >
>> > I don't believe you can. Unlike mod_python this uses the Apache 2.2
>> > authentication backend provider stuff. Even if the new interface still
>> > lets you get at the output headers that is not exposed by mod_wsgi.
>>
>> There is a way of doing it, but not documented and relies on some
>> special extensions.
>>
>> Don't have time to explain right now, but will later.
>
> Are you referring to using the apache request_rec with ap_swig_py?
Yes. It may also be possible to use ctypes instead of ap_swig_py, have
>> > On 13/11/2008, Pontus Enmark <pontus...@gmail.com> wrote:
>> >>
>> >> So, basically, how do I set a cookie from within the auth script?
>> >
>> > I don't believe you can. Unlike mod_python this uses the Apache 2.2
>> > authentication backend provider stuff. Even if the new interface still
>> > lets you get at the output headers that is not exposed by mod_wsgi.
>>
>> There is a way of doing it, but not documented and relies on some
>> special extensions.
>>
>> Don't have time to explain right now, but will later.
>
> Are you referring to using the apache request_rec with ap_swig_py?
never sat down and worked out steps for doing that though. You could
also write a custom Python C extension module as well which takes
apache.request_rec and does what is required.
Anyway, the reason you can't do it with mod_wsgi alone at moment is because of:
http://code.google.com/p/modwsgi/issues/detail?id=69
If this was done, you could check for inbound cookie in authentication
handler. The outbound cookie would then be set in WSGI middleware
wrapper around the WSGI application itself in the WSGI script file. If
necessary, the WSGI middleware wrapper would use REMOTE_USER from
environ to identify user.
Graham
Reply all
Reply to author
Forward
0 new messages