Phillip J. Eby wrote: > At 11:22 AM 1/22/2006 -0500, Jim Fulton wrote: > >> Typically, web servers provide access logs that include a label >> for the authenticated user. >> >> Often, WSGI applications (or middleware) provide their own user >> authentication facilities. Well, Zope does. :) >> >> There doesn't seem to be a standard way for WSGI applications or >> middleware to communicate the information necessary for a server >> to log the authenticated user back to the server. >> >> Am I missing something? How do other people handle this? >> >> Is Zope the only WSGI application that performs authentication >> itself? > > > I think Zope is the only WSGI application that cares about communicating > this information back to the web server's logs. :)
I hope that's not true. Certainly, if anyone else is doing authentication in their applications or middleware, they *should* care about getting information into the access logs. > Or at least, the > only one whose author has said so. :) Please, someone else speak up. :) > Perhaps an "X-Authenticated-User: foo" header could be added in a future > spec version? (And as an optional feature in the current PEP.) Perhaps. Note that it should be clear that this is soley for use in the access log. There should be no assumption that this is a principal id or a login name. It is really just a label for the log. To make this clearer, I'd use something like: "X-Access-User-Label: foo". > This > seems a simpler way to incorporate the feature than adding an extension > API to environ. Why is that? Isn't the env meant for communication between the WSGI layers? I'm not sure I'd want to send this information back to the browser. Jim -- Jim Fulton mailto:[EMAIL PROTECTED] Python Powered! CTO (540) 361-1714 http://www.python.org Zope Corporation http://www.zope.com http://www.zope.org _______________________________________________ Web-SIG mailing list [email protected] Web SIG: http://www.python.org/sigs/web-sig Unsubscribe: http://mail.python.org/mailman/options/web-sig/archive%40mail-archive.com
