You are viewing a plain text version of this content. The canonical link for it is here.
Posted to asp@perl.apache.org by Quentin Smith <qu...@comclub.dyndns.org> on 2002/07/12 05:42:48 UTC
Accessing $Session Outside Apache?
Hi-
I'd like to access a variable I've set in $Session *outside* Apache. My
global.asa sets a couple variables in $Session which are based on a
username/password the user provides. As such, I can't pass the data
through a regular cookie. I'd like to pass data from my web server,
running on port 8081, to another web server (www.Zope.org), running on
port 8080 (don't ask). I think I'll have to 1) get Apache::ASP to send a
different Set-cookie header to allow it to be passed to other ports on
the same host and 2) figure out some way to safely access my StateDir
(/tmp/hbschools/, if it matters) without corrupting it. Ideally I'd like
to be able to access the session from python, although I wouldn't mind
calling a perl script. I only need to access one variable from the
$Session.
I await your help,
--Quentin
---------------------------------------------------------------------
To unsubscribe, e-mail: asp-unsubscribe@perl.apache.org
For additional commands, e-mail: asp-help@perl.apache.org
Re: Accessing $Session Outside Apache?
Posted by Josh Chamas <jo...@chamas.com>.
Quentin Smith wrote:
> Hi-
> Although yes, Zope does provide session management of its own, it is not
> automatically activated. I do not currently use it. In addition, I do
> not want one server to think the user is logged in while the other
> server thinks the session has expired. What I may do is create another
> table in PostgreSQL to store the session ID and then have Zope and my
> asp pages both access that. If Josh has any ideas on a cleaner way to do
> this that is closer to what I originally intended, he can chime in when
> he wakes up :)
I might create a simple global "session" by using a domain cookie,
and marking some field in the system accordingly. You could even
reuse the random $Session->{SessionID} for this.
So... ( MySQL SQL )
update users set login_session_id = $Session->{SessionID},
login_session_expires = now() + interval 1 day
where username = ?
... then set global domain cookie that will be sent to both servers,
over SSL only if you require this:
$Response->{Cookies}{global_session_id} =
{
Secure => 1,
Value => $Session->{SessionID},
Expires => 86400,
Domain => 'yourdomain.com',
Path => '/'
};
You could try to have Zope read the sessions directly
off disk, or put your sessions into the database with
Apache::Session, but I would not recommend either of these
things, because things could always break later when
hacking into undocumented data structures. For example,
I change the hashing implementation on Apache::ASP sessions
from time to time for performance reasons, backwards compatible,
but probably not with any work that you do to read them
off disk.
--Josh
________________________________________________________________
Josh Chamas, Founder phone:714-625-4051
Chamas Enterprises Inc. http://www.chamas.com
NodeWorks Link Checking http://www.nodeworks.com
---------------------------------------------------------------------
To unsubscribe, e-mail: asp-unsubscribe@perl.apache.org
For additional commands, e-mail: asp-help@perl.apache.org
Re: Accessing $Session Outside Apache?
Posted by Quentin Smith <qu...@comclub.dyndns.org>.
Hi-
Although yes, Zope does provide session management of its own, it is not
automatically activated. I do not currently use it. In addition, I do
not want one server to think the user is logged in while the other
server thinks the session has expired. What I may do is create another
table in PostgreSQL to store the session ID and then have Zope and my
asp pages both access that. If Josh has any ideas on a cleaner way to do
this that is closer to what I originally intended, he can chime in when
he wakes up :)
--Quentin
On Friday, July 12, 2002, at 12:53 AM, Joel Hughes wrote:
> Ok Quentin,
> will I don't know much about Zope but I do know that it must have some
> sort
> of session management of its own.
>
> Why don't you do this:
> when the user hits Zope and there is not username/password in the Zope
> session then Zope redirects to the ASP login page.
> The user then logs in and the page 'knows' that it came from Zope
> (querystring/POST hidden data/referrer whatever way you want to do it)
> and
> so POSTs back to a Zope (via SSL if you like) 'logged in' page which
> takes
> the POSTed username/password and sticks it in the Zope session vars.
>
> joel
>
>
> -----Original Message-----
> From: Quentin Smith [mailto:quentins@comclub.dyndns.org]
> Sent: 12 July 2002 05:32
> To: joel@jojet.com
> Cc: asp@perl.apache.org
> Subject: Re: Accessing $Session Outside Apache?
>
>
> Hi-
> I'd like to have a user be able to start either on Apache or Zope. Zope
> should sense if the user has a current session (I think I can manage
> this). If not, it will redirect the user to an ASP login form. The ASP
> login form will then sense that the user came from Zope and then send
> them back. In other words, I want my one login form in Apache to process
> logins for both Apache and Zope. Since all important data is in a
> PostgreSQL database, all I need is to be able to pass the username back
> and forth with a reasonable amount of security (thus I can't just pass
> the username as a cookie.) All I need is read-only access to the
> $Session from Zope. If the user's session variable has not expired, I'd
> like them to be able to access any page on either server.
> I hope I have explained myself clearly.
> --Quentin
> P.S. If you're curious, I have www.Squishdot.org set up in Zope, and I'd
> like to integrate it into my existing site. Although if you do enough
> reading, you will see that Zope runs well with Apache as a proxy, this
> will not work in my situation.
> On Friday, July 12, 2002, at 12:19 AM, Joel Hughes wrote:
>
>> HI Quentin,
>> interesting set up you have here.... ;-)
>>
>> 1does the web user pass from Apache to Zope and then back to Apache?
>> I.e. is
>> this serial?
>>
>> If the answer to is yes then I would POST the data to Zope on the "jump
>> off"
>> page in Apache. Zope can then always POST the data back to Apache for
>> it to
>> place back into $Session.
>>
>> ...or are you saying that you want Zope and Apache to have simultaneous
>> access to this session data (why? is a user on 2 pages at the same
>> time?)
>>
>> joel
>>
>>
>> -----Original Message-----
>> From: Quentin Smith [mailto:quentins@comclub.dyndns.org]
>> Sent: 12 July 2002 04:43
>> To: asp@perl.apache.org
>> Subject: Accessing $Session Outside Apache?
>>
>>
>> Hi-
>> I'd like to access a variable I've set in $Session *outside* Apache. My
>> global.asa sets a couple variables in $Session which are based on a
>> username/password the user provides. As such, I can't pass the data
>> through a regular cookie. I'd like to pass data from my web server,
>> running on port 8081, to another web server (www.Zope.org), running on
>> port 8080 (don't ask). I think I'll have to 1) get Apache::ASP to
>> send a
>> different Set-cookie header to allow it to be passed to other ports on
>> the same host and 2) figure out some way to safely access my StateDir
>> (/tmp/hbschools/, if it matters) without corrupting it. Ideally I'd
>> like
>> to be able to access the session from python, although I wouldn't mind
>> calling a perl script. I only need to access one variable from the
>> $Session.
>> I await your help,
>> --Quentin
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: asp-unsubscribe@perl.apache.org
>> For additional commands, e-mail: asp-help@perl.apache.org
>>
>>
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: asp-unsubscribe@perl.apache.org
>> For additional commands, e-mail: asp-help@perl.apache.org
>>
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: asp-unsubscribe@perl.apache.org
> For additional commands, e-mail: asp-help@perl.apache.org
>
---------------------------------------------------------------------
To unsubscribe, e-mail: asp-unsubscribe@perl.apache.org
For additional commands, e-mail: asp-help@perl.apache.org
RE: Accessing $Session Outside Apache?
Posted by Joel Hughes <jo...@jojet.com>.
Ok Quentin,
will I don't know much about Zope but I do know that it must have some sort
of session management of its own.
Why don't you do this:
when the user hits Zope and there is not username/password in the Zope
session then Zope redirects to the ASP login page.
The user then logs in and the page 'knows' that it came from Zope
(querystring/POST hidden data/referrer whatever way you want to do it) and
so POSTs back to a Zope (via SSL if you like) 'logged in' page which takes
the POSTed username/password and sticks it in the Zope session vars.
joel
-----Original Message-----
From: Quentin Smith [mailto:quentins@comclub.dyndns.org]
Sent: 12 July 2002 05:32
To: joel@jojet.com
Cc: asp@perl.apache.org
Subject: Re: Accessing $Session Outside Apache?
Hi-
I'd like to have a user be able to start either on Apache or Zope. Zope
should sense if the user has a current session (I think I can manage
this). If not, it will redirect the user to an ASP login form. The ASP
login form will then sense that the user came from Zope and then send
them back. In other words, I want my one login form in Apache to process
logins for both Apache and Zope. Since all important data is in a
PostgreSQL database, all I need is to be able to pass the username back
and forth with a reasonable amount of security (thus I can't just pass
the username as a cookie.) All I need is read-only access to the
$Session from Zope. If the user's session variable has not expired, I'd
like them to be able to access any page on either server.
I hope I have explained myself clearly.
--Quentin
P.S. If you're curious, I have www.Squishdot.org set up in Zope, and I'd
like to integrate it into my existing site. Although if you do enough
reading, you will see that Zope runs well with Apache as a proxy, this
will not work in my situation.
On Friday, July 12, 2002, at 12:19 AM, Joel Hughes wrote:
> HI Quentin,
> interesting set up you have here.... ;-)
>
> 1does the web user pass from Apache to Zope and then back to Apache?
> I.e. is
> this serial?
>
> If the answer to is yes then I would POST the data to Zope on the "jump
> off"
> page in Apache. Zope can then always POST the data back to Apache for
> it to
> place back into $Session.
>
> ...or are you saying that you want Zope and Apache to have simultaneous
> access to this session data (why? is a user on 2 pages at the same
> time?)
>
> joel
>
>
> -----Original Message-----
> From: Quentin Smith [mailto:quentins@comclub.dyndns.org]
> Sent: 12 July 2002 04:43
> To: asp@perl.apache.org
> Subject: Accessing $Session Outside Apache?
>
>
> Hi-
> I'd like to access a variable I've set in $Session *outside* Apache. My
> global.asa sets a couple variables in $Session which are based on a
> username/password the user provides. As such, I can't pass the data
> through a regular cookie. I'd like to pass data from my web server,
> running on port 8081, to another web server (www.Zope.org), running on
> port 8080 (don't ask). I think I'll have to 1) get Apache::ASP to send a
> different Set-cookie header to allow it to be passed to other ports on
> the same host and 2) figure out some way to safely access my StateDir
> (/tmp/hbschools/, if it matters) without corrupting it. Ideally I'd like
> to be able to access the session from python, although I wouldn't mind
> calling a perl script. I only need to access one variable from the
> $Session.
> I await your help,
> --Quentin
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: asp-unsubscribe@perl.apache.org
> For additional commands, e-mail: asp-help@perl.apache.org
>
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: asp-unsubscribe@perl.apache.org
> For additional commands, e-mail: asp-help@perl.apache.org
>
---------------------------------------------------------------------
To unsubscribe, e-mail: asp-unsubscribe@perl.apache.org
For additional commands, e-mail: asp-help@perl.apache.org
Re: Accessing $Session Outside Apache?
Posted by Quentin Smith <qu...@comclub.dyndns.org>.
Hi-
I'd like to have a user be able to start either on Apache or Zope. Zope
should sense if the user has a current session (I think I can manage
this). If not, it will redirect the user to an ASP login form. The ASP
login form will then sense that the user came from Zope and then send
them back. In other words, I want my one login form in Apache to process
logins for both Apache and Zope. Since all important data is in a
PostgreSQL database, all I need is to be able to pass the username back
and forth with a reasonable amount of security (thus I can't just pass
the username as a cookie.) All I need is read-only access to the
$Session from Zope. If the user's session variable has not expired, I'd
like them to be able to access any page on either server.
I hope I have explained myself clearly.
--Quentin
P.S. If you're curious, I have www.Squishdot.org set up in Zope, and I'd
like to integrate it into my existing site. Although if you do enough
reading, you will see that Zope runs well with Apache as a proxy, this
will not work in my situation.
On Friday, July 12, 2002, at 12:19 AM, Joel Hughes wrote:
> HI Quentin,
> interesting set up you have here.... ;-)
>
> 1does the web user pass from Apache to Zope and then back to Apache?
> I.e. is
> this serial?
>
> If the answer to is yes then I would POST the data to Zope on the "jump
> off"
> page in Apache. Zope can then always POST the data back to Apache for
> it to
> place back into $Session.
>
> ...or are you saying that you want Zope and Apache to have simultaneous
> access to this session data (why? is a user on 2 pages at the same
> time?)
>
> joel
>
>
> -----Original Message-----
> From: Quentin Smith [mailto:quentins@comclub.dyndns.org]
> Sent: 12 July 2002 04:43
> To: asp@perl.apache.org
> Subject: Accessing $Session Outside Apache?
>
>
> Hi-
> I'd like to access a variable I've set in $Session *outside* Apache. My
> global.asa sets a couple variables in $Session which are based on a
> username/password the user provides. As such, I can't pass the data
> through a regular cookie. I'd like to pass data from my web server,
> running on port 8081, to another web server (www.Zope.org), running on
> port 8080 (don't ask). I think I'll have to 1) get Apache::ASP to send a
> different Set-cookie header to allow it to be passed to other ports on
> the same host and 2) figure out some way to safely access my StateDir
> (/tmp/hbschools/, if it matters) without corrupting it. Ideally I'd like
> to be able to access the session from python, although I wouldn't mind
> calling a perl script. I only need to access one variable from the
> $Session.
> I await your help,
> --Quentin
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: asp-unsubscribe@perl.apache.org
> For additional commands, e-mail: asp-help@perl.apache.org
>
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: asp-unsubscribe@perl.apache.org
> For additional commands, e-mail: asp-help@perl.apache.org
>
---------------------------------------------------------------------
To unsubscribe, e-mail: asp-unsubscribe@perl.apache.org
For additional commands, e-mail: asp-help@perl.apache.org
RE: Accessing $Session Outside Apache?
Posted by Joel Hughes <jo...@jojet.com>.
HI Quentin,
interesting set up you have here.... ;-)
1does the web user pass from Apache to Zope and then back to Apache? I.e. is
this serial?
If the answer to is yes then I would POST the data to Zope on the "jump off"
page in Apache. Zope can then always POST the data back to Apache for it to
place back into $Session.
...or are you saying that you want Zope and Apache to have simultaneous
access to this session data (why? is a user on 2 pages at the same time?)
joel
-----Original Message-----
From: Quentin Smith [mailto:quentins@comclub.dyndns.org]
Sent: 12 July 2002 04:43
To: asp@perl.apache.org
Subject: Accessing $Session Outside Apache?
Hi-
I'd like to access a variable I've set in $Session *outside* Apache. My
global.asa sets a couple variables in $Session which are based on a
username/password the user provides. As such, I can't pass the data
through a regular cookie. I'd like to pass data from my web server,
running on port 8081, to another web server (www.Zope.org), running on
port 8080 (don't ask). I think I'll have to 1) get Apache::ASP to send a
different Set-cookie header to allow it to be passed to other ports on
the same host and 2) figure out some way to safely access my StateDir
(/tmp/hbschools/, if it matters) without corrupting it. Ideally I'd like
to be able to access the session from python, although I wouldn't mind
calling a perl script. I only need to access one variable from the
$Session.
I await your help,
--Quentin
---------------------------------------------------------------------
To unsubscribe, e-mail: asp-unsubscribe@perl.apache.org
For additional commands, e-mail: asp-help@perl.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: asp-unsubscribe@perl.apache.org
For additional commands, e-mail: asp-help@perl.apache.org