Working on a log in script to my webpage
Steve Holden
steve at holdenweb.com
Tue Mar 8 23:09:19 EST 2005
Pete..... wrote:
> The 2 scripts I made is actually working the way they where meant to. So im
> kindda happy :)
>
> The problem is, that I didnt think about the problem: as Steve wrote:
> "There are other matters of concern, however, the most pressing of which
> is: How am I going to stop user from navigating directly to page1?"
> Maybee I can find some premade feature, that prevents users to go to page1
> without logging in. Any ideas as to where I can find some information about
> this.
>
> Nice that you all take time to help a newbie, so thanks to the helpfull
> people :)
>
May the spirit of Python be with you. That's mostly the way people like
to behave around these parts.
Essentially the problem is that in order to avoid open access to the
site, every page access must somehow cause the web server or the
application code to verify that the user has already authenticated.
This is usually done by
a) having the server issue a unique cookie for each browser session, so
it can determine which user is associated with each request, and
b) maintaining a state for each session, which records (probably among
other things) whether or not the user is currently logged in.
PHP has one easy-to-use mechanism for this whereas Python appears to
have about thirty-five different ways to achieve it, of varying degrees
of difficulty. The trickiest thing is that unless the server/application
framework takes care of it for you (as happens, for example, with
Webware) then each page has to be generated dynamically, and must
include code to verify the user's authenticity.
If you are determined to stick with Python then try Googling for "Python
web session state". That will give you a better appreciation of the
problem, and point up a few possible solutions.
regards
Steve
More information about the Python-list
mailing list