I tried looking online on how to define a descriptor and it looks fairly straightforward, but I don't see how to incorporate it with the @ syntax that google's @requier_login uses. Can you point me in the right direction or show me a a way to do this?
Thanks again! On Jan 28, 9:09 am, Blixt <[email protected]> wrote: > Oh and regarding your second question: > This behavior can be implied to the user's browser by not sending an > expiry header for the cookie that holds the session id. I don't know > if gaeutilities let's you specify this, but I would assume it does. > > If you want to truly enforce it on the server side, you can add a > timestamp to your sessions in the datastore and not let the user > continue using a session if the session hasn't been requested for x > amount of time. The timestamp would be updated every time the session > is requested so that the session only expires if the user stops using > the page for a while (which would imply that the user has left the > page.) > > On Jan 28, 3:02 pm, Blixt <[email protected]> wrote: > > > > > If you're familiar with Python: > > If you've got separate request handlers for the parts of the site that > > require login and the parts that don't, you can make a function > > descriptor that checks if the user is logged in before calling the > > actual function. If the user is not logged in, it redirects to a login > > page. Then you can use this descriptor on the get / post methods. > > > Google provides this functionality with their @require_login > > descriptor that redirects to the Google Accounts login page if the > > user is not logged in, but this doesn't work when rolling your own > > authentication system, obviously. > > > If you're not familiar with Python: > > The simplest way is probably to just make a function you can call that > > returns True if the user is logged in. If the user is not logged in, > > it redirects the user to your login page, then returns False. In your > > actual get / post method you check whether the result of this function > > is False, and if so, you leave the method: > > > def logged_in(request): > > if [user is logged in]: > > return True > > request.redirect('/login') > > return False > > > class UserSettings(webapp.RequestHandler): > > def get(self): > > if not logged_in(self): return > > # show page > > > On Jan 28, 3:13 am, solidus <[email protected]> wrote: > > > > Hi all, > > > > I'm new to appengine and somewhat new to web development. My question > > > is regarding proper ways to use sessions. > > > > I'm currently messing around using the gaeutilities sessions module. I > > > have a basic login page and some content. The question is what is the > > > standard/best practice way to ensure that users aren't accessing parts > > > of your site (via direct URL) without first going through the login > > > screen? > > > > Also, how does one go about deleting or clearing session data once the > > > user leaves the site without logging out first? > > > > Thanks!- Hide quoted text - > > - Show quoted text - --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Google App Engine" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/google-appengine?hl=en -~----------~----~----~----~------~----~------~--~---
