[Twisted-web] Nevow: Authenticated site with "remember me" and
matt at pollenation.net
Thu Nov 4 15:47:01 MST 2004
On Sat, 2004-10-30 at 12:26 -0400, Donovan Preston wrote:
> On Oct 30, 2004, at 11:03 AM, Paul Moore wrote:
> > 2. I'd like to add a "remember me" checkbox, which if checked sets a
> > cookie to remember the user's ID, so that they don't have to log
> > in again for (say) 2 weeks. Much like gmail, or Yahoo, do. But I'm
> > not too sure how I'd go about this. I'm not even sure where I'd
> > *put* auto-login code: the page is too late (the guard has done
> > its thing by then) but anything else seems to be too early (ie,
> > not per-session, if you see what I mean). I suspect I need to
> > subclass the Portal, or something, but I'm not sure...
> I'm not sure guard is sufficiently flexible to allow this. Perhaps one
> of the guard replacements that is being worked on will help? mg, can
> you comment? Also, indigo, can you comment on the session system you
> wrote and/or perhaps turn it into an example or a module?
Hmm, I don't think there's any way of handling cookie logins right now
except maybe redirecting to the __login__ URL with the username and
password as query params. But yuck!
One of the problems with guard is that there is no API exposed. It might
be nice if guard remembered an IGuard interface for application code to
use. What that would look like and how it would behave is something I
have not considered.
> > I've scanned the various examples, both in the distribution and in
> > the Nevow sandbox, but nothing seems to do what I want. Can anyone
> > give me some pointers?
> Sorry I can't be of more help. Guard is one of nevow's weak spots,
> since I didn't write it and therefore don't understand it, because it
> is pretty horrifically complex.
Yes. I tried to understand the guard code and got lost so I ended up
rewriting it as a learning exercise with the intention of porting bits
back into nevow.guard.
My rewrite is *much* simpler. It's not as complete as nevow.guard
although it does work and has the distinct advantage that it does not
create a session until it's really needed.
Valentino (aka dialtone) recently started patching my version in an
attempt to bring it inline with the real guard. He's even started
calling it newguard ;-). I guess this is a case of "watch this space".
Matt Goodall <matt at pollenation.net>
More information about the Twisted-web