Re: Find the Cookie owner

Thu, 12 Oct 2006 16:34:46 -0700

You'll probably find it much easier to use Django to serve those static files, rather than trying to duplicate Django functionality in modpython.

--Ned.

Mario Gonzalez ( mario__ ) wrote: 
 Hi, I'm writing a code for a media server and I want to serve static
files to authenticated users only. I check against Django's session
table (django_session) and that's ok (IMO) but in session_data there
isn't the userid and I need it for security reasons; So I sent you
what I'm doing so far and please, I'd really like that someone can
help me a bit if you please.

  Many thanks!


PS: Greetings from Chile.
  

from mod_python import apache, Cookie
from os import environ

def accesshandler(req, **kwargs):
    """
    (Was) Authentication handler that checks against Django's auth database.
    (Is)  Access handler that check agains Django's session table
    """

    options = req.get_options()
    settings_module = options.get('DJANGO_SETTINGS_MODULE', None)
    if settings_module:
        environ['DJANGO_SETTINGS_MODULE'] = settings_module
    else:
        return apache.HTTP_FORBIDDEN

    cookies = Cookie.get_cookies(req)

    if cookies.has_key('sessionid'):
        django_sessionid = cookies['sessionid'].value
    else:
        return apache.HTTP_FORBIDDEN

    from django import db
    db.reset_queries()

    cursor = db.connection.cursor()
    sql = """
          SELECT session_data
          FROM django_session
          WHERE expire_date > now()
           AND session_key = '%s'
    """ % django_sessionid
    cursor.execute( sql )
    session = cursor.dictfetchone()

    sessionid_is_found = False
    if len(session['session_data']) > 0:
        sessionid_is_found = True

    if not sessionid_is_found:
        return apache.HTTP_FORBIDDEN

    import base64
    a = base64.decodestring( session['session_data'] )

    #who is the owner of this cookie??!
    #cause in session['session_data'], is not
    req.write(a)


    return apache.HTTP_UNAUTHORIZED

  

-- 
Ned Batchelder, http://nedbatchelder.com

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups "Django developers" group.
To post to this group, send email to django-developers@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at http://groups.google.com/group/django-developers
-~----------~----~----~----~------~----~------~--~---

Reply via email to