2009/2/23 Chris Beaven <[email protected]>: > > > > On Feb 23, 1:19 pm, Graham Dumpleton <[email protected]> > wrote: >> 2009/2/23 Chris Beaven <[email protected]>: >> >> >> >> > I'm looking at ways to secure static resources to logged in Django >> > users. >> >> > WSGIAccessScript looked perfect, except after experimentation, I see >> > the environ variable it sends is indeed very bare. To determine >> > whether a Django user is logged in, I'd need access to cookies which >> > isn't sent as part of environ to the WSGIAccessScript method. >> >> > Any clues as to how I'd achieve this (preferably avoiding serving all >> > these static requests through WSGI)? >> >> Need at least: >> >> http://code.google.com/p/modwsgi/issues/detail?id=69 > > Thanks Graham, so this would probably work with r1123 and above? > >> Is the intent to just forbid access if not logged into Apache, or are >> you expecting to be able to redirect to a Django login page. > > For a start, just forbidding access is the priority. > > It'd be useful if it could redirect to login too, but that's of > secondary importance. > I'm guessing that this would a different method - a way of letting > wsgi do a request pass-through or something
You can try setting Apache ErrorDocument directive for 403 error status for that part of directory tree, with it referencing a page, possibly served by Django application, that generates a page with a meta refresh tag which redirects to login page. Graham --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "modwsgi" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/modwsgi?hl=en -~----------~----~----~----~------~----~------~--~---
