[kforge-dev] Re: access control
Rufus Pollock
rufus.pollock at okfn.org
Mon Jan 30 12:52:15 UTC 2006
John Bywater wrote:
> Rufus -
>
> Would the request 'req' passed into the authenhandler() will contain our
> session cookie?
>
> http://scm.kforge.net/svn/kforge/trunk/src/kforge/apache/modpython.py
>
> Let's look at writing a little mod_python "view" at some point? I'm sure
> I don't know all the things you learned when you developed that mod
> python handler. But it would be nice not to have any basic-auth pop-up
> curiousness, and to eliminate the obvious code repetition....
Good idea John -- I'd been thinking about this just last week. Modpython
does indeed support cookies_[1] and this would allow give us several
benefits including:
1. single sign-on
2. ability to be logged in even when just visitor is allowed in
The one thing we must remember is we also have to support traditional
apache auth so that access to e.g. subversion still works when people
just use a command line client.
Anyway I'll take a look at getting this into trunk this week or next.
~rufus
[1] See the examples at:
<http://www.modpython.org/live/current/doc-html/pyapi-cookie-example.html>
More information about the kforge-dev
mailing list