[Twisted-Python] twisted.web.woven.guard.SessionWrapper problems

Matthias Urlichs smurf at smurf.noris.de
Mon May 12 03:26:45 EDT 2003

I was experimenting with twisted.web.woven.guard yesterday and ran into a

Some browsers, including wget, don't like it _at_all_ when you have a cycle
in your redirections, even though they should notice that they now have a
cookie while formerly they didn't.

Therefore I propose to rewrite the SessionWrapper to always change the
user's path, like this (the string "sp" is self.cookieKey):

	Set cookie
	Redirect to /sessionized-url/sp__aef9c34aecc3d9148/foo
	Redirect to either of the next two URLs depending on whether I see a
	URL to use with cookies
	URL to use without cookies

Finally, /sessionized-url/sp/foo, but no cookie, would do

	class SessionWrapper(...):
		def __init__(..., on_timeout=None):
			# callback invoked when the session behind a cookie URL is gone
			self.on_timeout = on_timeout
		def getChild(...):
			if path == self.prefix and not self.sessions.has_key(cookie):
				return self.on_timeout(path, request)
so that access with no session can be distinguished from a plain link into
/sessionized-url/foo; the latter means the user might want to log in, but
the former should tell the user that their session has timed out before
offering the login page.

An additional advantage of this scheme would be that
.../unsessionized-url/ can be reached with a constant number of backpaths.

Oh yes, and I'd like to make http://somewhere.example/sessionized-url and
(i.e. no paths) work. At the moment that causes an ugly error because
SessionWrapper doesn't override render().

Thoughts? Or is somebody else going to rewrite this module next week
anyway and I therefore probably shouldn't bother?

Matthias Urlichs  | {M:U} IT Consulting @ m-u-it.de  |  smurf at smurf.noris.de
Disclaimer: The quote was selected randomly. Really. | http://smurf.noris.de
Van Roy's Law:
	An unbreakable toy is useful for breaking other toys.
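
The redirect scheme proposed in the message above, modelled without Twisted as an added example (not code from the post or from Twisted); it checks that neither a cookie-accepting nor a cookieless client ever sees the same URL twice. The step list in the post is cut off, so these are assumptions: the cookie URL is /sessionized-url/sp/..., a client that returns no cookie is served at the sp__<id> URL, an unknown id in the path is treated as timed out, and SessionModel, route and follow are hypothetical names.

```python
import secrets

KEY = "sp"  # stands in for self.cookieKey from the post


class SessionModel:
    """Framework-free model of the proposed scheme; all names are hypothetical."""

    def __init__(self, base="/sessionized-url"):
        self.base = base
        self.sessions = {}  # session id -> per-session data

    def route(self, url, cookie):
        """Return (action, location, set_cookie) for one request."""
        tail = url[len(self.base):].lstrip("/")
        first, _, rest = tail.partition("/")
        if first.startswith(KEY + "__"):
            sid = first[len(KEY) + 2:]
            if sid not in self.sessions:
                return ("timeout", None, None)   # never adopt an unknown id
            if cookie == sid:                    # cookie came back: drop id from URL
                return ("redirect", f"{self.base}/{KEY}/{rest}", None)
            return ("serve", None, None)         # assumption: cookieless clients stay here
        if first == KEY:
            if cookie not in self.sessions:      # the post's on_timeout case
                return ("timeout", None, None)
            return ("serve", None, None)
        sid = secrets.token_hex(16)              # plain link: start a session
        self.sessions[sid] = {}
        return ("redirect", f"{self.base}/{KEY}__{sid}/{tail}", sid)


def follow(model, url, accepts_cookies, cookie=None, limit=10):
    """Follow redirects like a simple client; raise if any URL repeats."""
    seen = []
    for _ in range(limit):
        if url in seen:
            raise RuntimeError("redirect cycle at " + url)
        seen.append(url)
        action, location, set_cookie = model.route(url, cookie)
        if set_cookie and accepts_cookies:
            cookie = set_cookie
        if action != "redirect":
            return action, seen, cookie
        url = location
    raise RuntimeError("too many redirects")
```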
