Dear list, I'm rolling my own simple authentication which has always worked like that in several other Pylons projects (see http://wiki.pylonshq.com/display/pylonscookbook/Simple+Homegrown+Authentication) by adding a conditional redirection in the BaseController's __before__ method:
================================================
class BaseController(WSGIController):
def __before__(self):
controller = \
request.environ['pylons.routes_dict'].get('controller')
# Enforce authentication
# (unless we are in the /login controller
# or else we would get a redirection loop)
# Current logged in username is saved in session['admin']
if not session.get('admin'):
if controller != 'admin':
redirect_to('/login')
================================================
This works well if I'm not logged in and try to reach a valid URL. I'll get
redirected to /login and see the login form. All is well.
However if I try to access an invalid URL which would usually lead to a 404
error (/some/weird/url) then something strange happens:
- a 404 response is sent
- content of the 404 response is a "302 Found ..." page with a
Location header trying to redirect me to /login
So somehow the 404 handler seems to interfere with my attempt to redirect.
Can anybody tell me why this happens and if it can be worked around? I
wonder why this doesn't happen in my older 0.9.6 projects.
Thanks in advance.
Kindly
Christoph
signature.asc
Description: OpenPGP digital signature
