[Twisted-web] _nevow_carryover_
Donovan Preston
dp at ulaluma.com
Tue May 10 17:10:25 MDT 2005
On May 10, 2005, at 2:37 PM, Paul Moore wrote:
> Can someone tell me what the _nevow_carryover_ argument that gets
> added to URLs as part of form processing is for? Is there any way of
> suppressing it (and presumably handling the functionality in an
> alternative way)? It looks session-related, but if I delete it and
> re-enter the base URL, there seems to be no difference.
>
> I've looked at the source code, but it baffles me :-(
>
> Is it another of these redirect loop hacks, like __start_session__?
>
This is used to implement the formless "IHand" when no guard session
or cookie-based session is present (and it is always used regardless
of whether they are present).
I know this annoys people. It annoys me that it annoys people :-) But
I would like to fix it once and for all.
The IHand is the return result of an autocallable. It is stored in a
global dictionary, keyed by the _nevow_carryover_ value, and after
the POST to GET redirect occurs (with the _nevow_carryover_ parameter
added), the value is retrieved out of the dictionary and stored as
IHand on the context.
Solutions to removing this annoyance:
1) If the autocallable returns None, or returns a Deferred which
fires with None, do not add _nevow_carryover_ and do not set IHand.
This will cover a large number of the man-_nevow_carryover_-is-
annoying cases.
If someone is using formless to expose methods as autocallable, and
merely does database munging in the autocallable, and does not ever
return a result, then they will never see _nevow_carryover_.
2) If the user actually is returning values from the autocallable,
and is actually looking for the result in the IHand of the next
request: Check to see if there is a guard session. If so, store the
hand there for the duration of the redirect.
This will solve cases where people actually are using the IHand
(probably rare) AND are using guard sessions (Probably 100% of the
rare cases)
3) Finally, if people ARE returning results from autocallables, AND
ARE NOT using guard AND are still annoyed with _nevow_carryover_, I
have an idea which involves putting the mini-session key in the <form
action=""> instead of the redirect. Since users only see the action
url during the time it takes their browser to redirect, and the
redirected request can pull the mini-session key out of the referrer,
this would work.
dp
More information about the Twisted-web
mailing list