[Twisted-web] Re: Nevow: Authenticated site with "remember me" and vhosts

Paul Moore pf_moore at yahoo.co.uk
Sat Oct 30 11:01:27 MDT 2004


Donovan Preston <dp at divmod.org> writes:

> Are you using 0.3 or SVN head? I think Tv was working on fixing 
> guard-related problems in this area. You might have more luck using SVN 
> head, if you are not.

I'm using SVN head. Actually, grubbing round in the source, it looks
like putChild comes from ChildLookupMixin, which Page subclasses, but
SessionGuard doesn't. So an empty class derived from both
SessionGuard and ChildLookupMixin should work...

[Tries it]
Yes, that works. Feels like a hack, but it's a working hack :-) I'm
still not sure if that leaves the vhost guarded or not, and what that
means...

>> 2. I'd like to add a "remember me" checkbox, which if checked sets a
>>    cookie to remember the user's ID, so that they don't have to log
>>    in again for (say) 2 weeks. Much like gmail, or Yahoo, do. But I'm
>>    not too sure how I'd go about this. I'm not even sure where I'd
>>    *put* auto-login code: the page is too late (the guard has done
>>    its thing by then) but anything else seems to be too early (ie,
>>    not per-session, if you see what I mean). I suspect I need to
>>    subclass the Portal, or something, but I'm not sure...
>
> I'm not sure guard is sufficiently flexible to allow this. Perhaps one 
> of the guard replacements that is being worked on will help? mg, can 
> you comment? Also, indigo, can you comment on the session system you 
> wrote and/or perhaps turn it into an example or a module?

Interesting. I was getting that impression, too. Also, the code of
guard looks very hairy, so I'm not surprised that replacements are
under development. If a guinea pig is needed, let me know...

I looked at the current guard code, and it seems odd. I don't see the
point of things like __session_just_started__ (particularly as it's
user-visible :-() and the fact that login/logout are represented by
separate URLs, rather than just posting back to the current URL and
reading the form data is different from other approaches I have seen.

>> Is there any documentation effort for Nevow going on anywhere? I'd
>> happily contribute, although it would more likely be in the form of
>> questions than answers at the moment :-)
>
> There should be, and it is creeping up higher on my priority list. 
> However, life prevents me. Hopefully sometime in the next few months.
>
> Perhaps lurking on #twisted.web on irc.freenode.net would help?

I'll certainly do that. I'll also see if I can add any useful bits to
the Wiki...

Paul.
-- 
SCSI is not magic. There are fundamental technical reasons why it is
necessary to sacrifice a young goat to your SCSI chain now and then.
-- John Woods




More information about the Twisted-web mailing list