I'm developing a backend in Django and I need to log in to another server backend with a simple POST method. So I would need to create a session object or something like that to handle that login.
Any Ideas on how to do that?
What you are really looking for is a Single Sign On (SSO). You might consider django-openid.
If you're not looking for single sign-on, then likely you want to either do the work in the view, and if you need the session to persist, store it in the (local django) session object; or outsource it to something like celery, and again, keep anything you need to keep track of in the session object.
Related
I just stated using Flask and was trying to implement a small feature in my project. The objective is to set a cookie only if the request comes from a authenticated user.
I found two ways of doing this.
First method
#app.before_request
def before_request():
# set cookie if user is logged in
Second method, by implementing something like this
adding-a-simple-middleware-to-your-flask-application
Can someone explain to me what are the main differences between the two methods and when and where which method should be used.
Also, I am currently using "flask-login" to keep track of the logged in user.
If I use the first method, I can easily verify if someone is logged in by importing the current_user
from flask.ext.login import current_user
but if I try to do the same while using the second method, the current_user is always "None" as the application context is incorrect.
So, I wanted to know if I decided to go ahead with the second implementation, how do I check if the user is logged in or not.
I've never used the second method you've mentioned. I'm sure that it can be done with it, but it's very uncommon. I would suggest to use more common features of flask. For sake of maintainers of your code :)
So the first method you've mentioned is fine.
Or you can use decorators for more granular access restrictions. Keep in mind that setting cookies in flask can be done when making actual response object. That means you should use Deferred Request Callbacks for setting cookies in decorated function.
I am in the midst of writing a web app in CherryPy. I have set it up so that it uses OpenID auth, and can successfully get user's ID/email address.
I would like to have it set so that whenever a page loads, it checks to see if the user is logged in, and if so displays some information about their login.
As I see it, the basic workflow should be like this:
Is there a userid stored in the current session? If so, we're golden.
If not, does the user have cookies with a userid and login token? If so, process them, invalidate the current token and assign a new one, and add the user information to the session. Once again, we're good.
If neither condition holds, display a "Login" link directing to my OpenID form.
Obviously, I could just include code (or a decorator) in every public page that would handle this. But that seems very... irritating.
I could also set up a default index method in each class, which would do this and then use a (page-by-page) helper method to display the rest of the content. But this seems like a nightmare when it comes to the occasional exposed method other than index.
So, my hope is this: is there a way in CherryPy to set some code to be run whenever a request is received? If so, I could use this to have it set up so that the current session always includes all the information I need.
Alternatively, is it safe to create a wrapper around the cherrypy.expose decorator, so that every exposed page also runs this code?
Or, failing either of those: I'm also open to suggestions of a different workflow. I haven't written this kind of system before, and am always open to advice.
Edit: I have included an answer below on how to accomplish what I want. However, if anybody has any workflow change suggestions, I would love the advice! Thanks all.
Nevermind, folks. Turns out that this isn't so bad to do; it is simply a matter of doing the following:
Write a function that does what I want.
Make the function in to a custom CherryPy Tool, set to the before_handler hook.
Enable that tool globally in my config.
I have an application that uses the requests library to make calls to a web service. On django, I use a table to keep sessions using the standard django_session library.
I've noticed that I have a new record in the database for every time the requests library fires off a call. I find this quite bizarre, since I'm not using request sessions (explicitly) and most of my calls are single GET calls that shouldn't need any kind of persistance.
Has anybody else had this problem?
django.contrib.sessions.middleware.SessionMiddleware will create a new session for each request.
If you want to disable this behavior, consider replacing django.contrib.sessions.middleware.SessionMiddleware with a custom middleware that extends django.contrib.sessions.middleware.SessionMiddleware but prevents sessions from being created in instances where you don't want them.
This answer provides an example of how to do so. It parses request.path_info to determine whether a session should be created, but you could use a number of different techniques, such as adding a custom header to your request, including a post variable, etc.
Turns out I had this setting turned on
SESSION_SAVE_EVERY_REQUEST=True
When I started with sessions I wanted to be safe to make sure nothing falls through the cracks. Turns out this was then writing empty session information to the db.
I'm working on a medium sized project in django and i want to be able to access the current user from within my query manager. I need to be able to design a custom manager to limit the results and querysets so that the current user only get's information related to him/her.
I've received a few suggestions, I've also seen the not so supported example of using threadlocals from a django middleware. However, i'm very confused as this seems to be most promising solution now. I am looking for a better way to do this, so i can gain access to the current user from within a model manager.
you can store the user object in the session object and get it out when needed
refer to how-to-lookup-django-session-for-a-particular-user
There is no sane way to get the user outside of the request. If the current user matters then pass it to any functions that need it.
is there any class to handle a SESSION (like php) in Python? not in django, but I want to use it with PyQt
thank you
The short answer is that there is no $SESSION variable in Python.
Python tends not to put things in global scope like PHP. Therefore, if you are accessing a user's session id, it will probably be accessed via dot notation module_name.ClassName.session. If you would like to create a PyQt app that acts as a webserver, you could probably adapt a web framework's implementation.
Others' responses to similar queries suggest implementing sessions via a simple database[1]. You could try assigning unique ids with uuid, and storing them with tools like sqlite3 or pickle.
[1] http://ubuntuforums.org/showthread.php?t=859645
Theres a session class with mod_python for apache, that can be a good starting point for making our own class. The class is not very dependent on apache to work.
http://www.modpython.org/