[Zope] session
Maciej Wisniowski
maciej.wisniowski at coig.katowice.pl
Tue Feb 13 07:22:47 EST 2007
> i did it, but it don´t work,
Because this code has no sense this way.
You're just storing and retrieving data from session.
What do you suppose this will do...
Try something like:
def extractCredentials(self, request):
creds = {}
session = self.REQUEST.SESSION
creds = session.get('_key', None)
if creds:
return creds
login = request.get('__ac_name', '')
if login:
# Look in the request for the names coming from the login form
login = request.get('__ac_name', '')
password = request.get('__ac_password', '')
if login:
creds['login'] = login
creds['password'] = password
if creds:
creds['remote_host'] = request.get('REMOTE_HOST', '')
try:
creds['remote_address'] = request.getClientAddr()
except AttributeError:
creds['remote_address'] = request.get('REMOTE_ADDR', '')
session.set('_key', creds)
return creds
return None
You should use protected class (like in CAS4PAS) to store credentials
in session. Also you should think how it is supposed to work and what
should be done in extractCredentials and what in authenticateCredentials
functions, etc.
So far this code checks if there is object in session and if so then it
extracts
credentials from this object, if no, then it tries to extract credentials
from request.
You should now validate these credentials with something (eg. RDBMS),
possibly in authenticateCredentials function.
--
Maciej Wisniowski
More information about the Zope
mailing list