Loading ...
Sorry, an error occurred while loading the content.

Accessing $Session Outside Apache?

Expand Messages
  • Quentin Smith
    Hi- I d like to access a variable I ve set in $Session *outside* Apache. My global.asa sets a couple variables in $Session which are based on a
    Message 1 of 6 , Jul 11, 2002
    • 0 Attachment
      Hi-
      I'd like to access a variable I've set in $Session *outside* Apache. My
      global.asa sets a couple variables in $Session which are based on a
      username/password the user provides. As such, I can't pass the data
      through a regular cookie. I'd like to pass data from my web server,
      running on port 8081, to another web server (www.Zope.org), running on
      port 8080 (don't ask). I think I'll have to 1) get Apache::ASP to send a
      different Set-cookie header to allow it to be passed to other ports on
      the same host and 2) figure out some way to safely access my StateDir
      (/tmp/hbschools/, if it matters) without corrupting it. Ideally I'd like
      to be able to access the session from python, although I wouldn't mind
      calling a perl script. I only need to access one variable from the
      $Session.
      I await your help,
      --Quentin


      ---------------------------------------------------------------------
      To unsubscribe, e-mail: asp-unsubscribe@...
      For additional commands, e-mail: asp-help@...
    • Joel Hughes
      HI Quentin, interesting set up you have here.... ;-) 1does the web user pass from Apache to Zope and then back to Apache? I.e. is this serial? If the answer to
      Message 2 of 6 , Jul 11, 2002
      • 0 Attachment
        HI Quentin,
        interesting set up you have here.... ;-)

        1does the web user pass from Apache to Zope and then back to Apache? I.e. is
        this serial?

        If the answer to is yes then I would POST the data to Zope on the "jump off"
        page in Apache. Zope can then always POST the data back to Apache for it to
        place back into $Session.

        ...or are you saying that you want Zope and Apache to have simultaneous
        access to this session data (why? is a user on 2 pages at the same time?)

        joel


        -----Original Message-----
        From: Quentin Smith [mailto:quentins@...]
        Sent: 12 July 2002 04:43
        To: asp@...
        Subject: Accessing $Session Outside Apache?


        Hi-
        I'd like to access a variable I've set in $Session *outside* Apache. My
        global.asa sets a couple variables in $Session which are based on a
        username/password the user provides. As such, I can't pass the data
        through a regular cookie. I'd like to pass data from my web server,
        running on port 8081, to another web server (www.Zope.org), running on
        port 8080 (don't ask). I think I'll have to 1) get Apache::ASP to send a
        different Set-cookie header to allow it to be passed to other ports on
        the same host and 2) figure out some way to safely access my StateDir
        (/tmp/hbschools/, if it matters) without corrupting it. Ideally I'd like
        to be able to access the session from python, although I wouldn't mind
        calling a perl script. I only need to access one variable from the
        $Session.
        I await your help,
        --Quentin


        ---------------------------------------------------------------------
        To unsubscribe, e-mail: asp-unsubscribe@...
        For additional commands, e-mail: asp-help@...




        ---------------------------------------------------------------------
        To unsubscribe, e-mail: asp-unsubscribe@...
        For additional commands, e-mail: asp-help@...
      • Quentin Smith
        Hi- I d like to have a user be able to start either on Apache or Zope. Zope should sense if the user has a current session (I think I can manage this). If not,
        Message 3 of 6 , Jul 11, 2002
        • 0 Attachment
          Hi-
          I'd like to have a user be able to start either on Apache or Zope. Zope
          should sense if the user has a current session (I think I can manage
          this). If not, it will redirect the user to an ASP login form. The ASP
          login form will then sense that the user came from Zope and then send
          them back. In other words, I want my one login form in Apache to process
          logins for both Apache and Zope. Since all important data is in a
          PostgreSQL database, all I need is to be able to pass the username back
          and forth with a reasonable amount of security (thus I can't just pass
          the username as a cookie.) All I need is read-only access to the
          $Session from Zope. If the user's session variable has not expired, I'd
          like them to be able to access any page on either server.
          I hope I have explained myself clearly.
          --Quentin
          P.S. If you're curious, I have www.Squishdot.org set up in Zope, and I'd
          like to integrate it into my existing site. Although if you do enough
          reading, you will see that Zope runs well with Apache as a proxy, this
          will not work in my situation.
          On Friday, July 12, 2002, at 12:19 AM, Joel Hughes wrote:

          > HI Quentin,
          > interesting set up you have here.... ;-)
          >
          > 1does the web user pass from Apache to Zope and then back to Apache?
          > I.e. is
          > this serial?
          >
          > If the answer to is yes then I would POST the data to Zope on the "jump
          > off"
          > page in Apache. Zope can then always POST the data back to Apache for
          > it to
          > place back into $Session.
          >
          > ...or are you saying that you want Zope and Apache to have simultaneous
          > access to this session data (why? is a user on 2 pages at the same
          > time?)
          >
          > joel
          >
          >
          > -----Original Message-----
          > From: Quentin Smith [mailto:quentins@...]
          > Sent: 12 July 2002 04:43
          > To: asp@...
          > Subject: Accessing $Session Outside Apache?
          >
          >
          > Hi-
          > I'd like to access a variable I've set in $Session *outside* Apache. My
          > global.asa sets a couple variables in $Session which are based on a
          > username/password the user provides. As such, I can't pass the data
          > through a regular cookie. I'd like to pass data from my web server,
          > running on port 8081, to another web server (www.Zope.org), running on
          > port 8080 (don't ask). I think I'll have to 1) get Apache::ASP to send a
          > different Set-cookie header to allow it to be passed to other ports on
          > the same host and 2) figure out some way to safely access my StateDir
          > (/tmp/hbschools/, if it matters) without corrupting it. Ideally I'd like
          > to be able to access the session from python, although I wouldn't mind
          > calling a perl script. I only need to access one variable from the
          > $Session.
          > I await your help,
          > --Quentin
          >
          >
          > ---------------------------------------------------------------------
          > To unsubscribe, e-mail: asp-unsubscribe@...
          > For additional commands, e-mail: asp-help@...
          >
          >
          >
          >
          > ---------------------------------------------------------------------
          > To unsubscribe, e-mail: asp-unsubscribe@...
          > For additional commands, e-mail: asp-help@...
          >


          ---------------------------------------------------------------------
          To unsubscribe, e-mail: asp-unsubscribe@...
          For additional commands, e-mail: asp-help@...
        • Joel Hughes
          Ok Quentin, will I don t know much about Zope but I do know that it must have some sort of session management of its own. Why don t you do this: when the user
          Message 4 of 6 , Jul 11, 2002
          • 0 Attachment
            Ok Quentin,
            will I don't know much about Zope but I do know that it must have some sort
            of session management of its own.

            Why don't you do this:
            when the user hits Zope and there is not username/password in the Zope
            session then Zope redirects to the ASP login page.
            The user then logs in and the page 'knows' that it came from Zope
            (querystring/POST hidden data/referrer whatever way you want to do it) and
            so POSTs back to a Zope (via SSL if you like) 'logged in' page which takes
            the POSTed username/password and sticks it in the Zope session vars.

            joel


            -----Original Message-----
            From: Quentin Smith [mailto:quentins@...]
            Sent: 12 July 2002 05:32
            To: joel@...
            Cc: asp@...
            Subject: Re: Accessing $Session Outside Apache?


            Hi-
            I'd like to have a user be able to start either on Apache or Zope. Zope
            should sense if the user has a current session (I think I can manage
            this). If not, it will redirect the user to an ASP login form. The ASP
            login form will then sense that the user came from Zope and then send
            them back. In other words, I want my one login form in Apache to process
            logins for both Apache and Zope. Since all important data is in a
            PostgreSQL database, all I need is to be able to pass the username back
            and forth with a reasonable amount of security (thus I can't just pass
            the username as a cookie.) All I need is read-only access to the
            $Session from Zope. If the user's session variable has not expired, I'd
            like them to be able to access any page on either server.
            I hope I have explained myself clearly.
            --Quentin
            P.S. If you're curious, I have www.Squishdot.org set up in Zope, and I'd
            like to integrate it into my existing site. Although if you do enough
            reading, you will see that Zope runs well with Apache as a proxy, this
            will not work in my situation.
            On Friday, July 12, 2002, at 12:19 AM, Joel Hughes wrote:

            > HI Quentin,
            > interesting set up you have here.... ;-)
            >
            > 1does the web user pass from Apache to Zope and then back to Apache?
            > I.e. is
            > this serial?
            >
            > If the answer to is yes then I would POST the data to Zope on the "jump
            > off"
            > page in Apache. Zope can then always POST the data back to Apache for
            > it to
            > place back into $Session.
            >
            > ...or are you saying that you want Zope and Apache to have simultaneous
            > access to this session data (why? is a user on 2 pages at the same
            > time?)
            >
            > joel
            >
            >
            > -----Original Message-----
            > From: Quentin Smith [mailto:quentins@...]
            > Sent: 12 July 2002 04:43
            > To: asp@...
            > Subject: Accessing $Session Outside Apache?
            >
            >
            > Hi-
            > I'd like to access a variable I've set in $Session *outside* Apache. My
            > global.asa sets a couple variables in $Session which are based on a
            > username/password the user provides. As such, I can't pass the data
            > through a regular cookie. I'd like to pass data from my web server,
            > running on port 8081, to another web server (www.Zope.org), running on
            > port 8080 (don't ask). I think I'll have to 1) get Apache::ASP to send a
            > different Set-cookie header to allow it to be passed to other ports on
            > the same host and 2) figure out some way to safely access my StateDir
            > (/tmp/hbschools/, if it matters) without corrupting it. Ideally I'd like
            > to be able to access the session from python, although I wouldn't mind
            > calling a perl script. I only need to access one variable from the
            > $Session.
            > I await your help,
            > --Quentin
            >
            >
            > ---------------------------------------------------------------------
            > To unsubscribe, e-mail: asp-unsubscribe@...
            > For additional commands, e-mail: asp-help@...
            >
            >
            >
            >
            > ---------------------------------------------------------------------
            > To unsubscribe, e-mail: asp-unsubscribe@...
            > For additional commands, e-mail: asp-help@...
            >



            ---------------------------------------------------------------------
            To unsubscribe, e-mail: asp-unsubscribe@...
            For additional commands, e-mail: asp-help@...
          • Quentin Smith
            Hi- Although yes, Zope does provide session management of its own, it is not automatically activated. I do not currently use it. In addition, I do not want one
            Message 5 of 6 , Jul 11, 2002
            • 0 Attachment
              Hi-
              Although yes, Zope does provide session management of its own, it is not
              automatically activated. I do not currently use it. In addition, I do
              not want one server to think the user is logged in while the other
              server thinks the session has expired. What I may do is create another
              table in PostgreSQL to store the session ID and then have Zope and my
              asp pages both access that. If Josh has any ideas on a cleaner way to do
              this that is closer to what I originally intended, he can chime in when
              he wakes up :)
              --Quentin
              On Friday, July 12, 2002, at 12:53 AM, Joel Hughes wrote:

              > Ok Quentin,
              > will I don't know much about Zope but I do know that it must have some
              > sort
              > of session management of its own.
              >
              > Why don't you do this:
              > when the user hits Zope and there is not username/password in the Zope
              > session then Zope redirects to the ASP login page.
              > The user then logs in and the page 'knows' that it came from Zope
              > (querystring/POST hidden data/referrer whatever way you want to do it)
              > and
              > so POSTs back to a Zope (via SSL if you like) 'logged in' page which
              > takes
              > the POSTed username/password and sticks it in the Zope session vars.
              >
              > joel
              >
              >
              > -----Original Message-----
              > From: Quentin Smith [mailto:quentins@...]
              > Sent: 12 July 2002 05:32
              > To: joel@...
              > Cc: asp@...
              > Subject: Re: Accessing $Session Outside Apache?
              >
              >
              > Hi-
              > I'd like to have a user be able to start either on Apache or Zope. Zope
              > should sense if the user has a current session (I think I can manage
              > this). If not, it will redirect the user to an ASP login form. The ASP
              > login form will then sense that the user came from Zope and then send
              > them back. In other words, I want my one login form in Apache to process
              > logins for both Apache and Zope. Since all important data is in a
              > PostgreSQL database, all I need is to be able to pass the username back
              > and forth with a reasonable amount of security (thus I can't just pass
              > the username as a cookie.) All I need is read-only access to the
              > $Session from Zope. If the user's session variable has not expired, I'd
              > like them to be able to access any page on either server.
              > I hope I have explained myself clearly.
              > --Quentin
              > P.S. If you're curious, I have www.Squishdot.org set up in Zope, and I'd
              > like to integrate it into my existing site. Although if you do enough
              > reading, you will see that Zope runs well with Apache as a proxy, this
              > will not work in my situation.
              > On Friday, July 12, 2002, at 12:19 AM, Joel Hughes wrote:
              >
              >> HI Quentin,
              >> interesting set up you have here.... ;-)
              >>
              >> 1does the web user pass from Apache to Zope and then back to Apache?
              >> I.e. is
              >> this serial?
              >>
              >> If the answer to is yes then I would POST the data to Zope on the "jump
              >> off"
              >> page in Apache. Zope can then always POST the data back to Apache for
              >> it to
              >> place back into $Session.
              >>
              >> ...or are you saying that you want Zope and Apache to have simultaneous
              >> access to this session data (why? is a user on 2 pages at the same
              >> time?)
              >>
              >> joel
              >>
              >>
              >> -----Original Message-----
              >> From: Quentin Smith [mailto:quentins@...]
              >> Sent: 12 July 2002 04:43
              >> To: asp@...
              >> Subject: Accessing $Session Outside Apache?
              >>
              >>
              >> Hi-
              >> I'd like to access a variable I've set in $Session *outside* Apache. My
              >> global.asa sets a couple variables in $Session which are based on a
              >> username/password the user provides. As such, I can't pass the data
              >> through a regular cookie. I'd like to pass data from my web server,
              >> running on port 8081, to another web server (www.Zope.org), running on
              >> port 8080 (don't ask). I think I'll have to 1) get Apache::ASP to
              >> send a
              >> different Set-cookie header to allow it to be passed to other ports on
              >> the same host and 2) figure out some way to safely access my StateDir
              >> (/tmp/hbschools/, if it matters) without corrupting it. Ideally I'd
              >> like
              >> to be able to access the session from python, although I wouldn't mind
              >> calling a perl script. I only need to access one variable from the
              >> $Session.
              >> I await your help,
              >> --Quentin
              >>
              >>
              >> ---------------------------------------------------------------------
              >> To unsubscribe, e-mail: asp-unsubscribe@...
              >> For additional commands, e-mail: asp-help@...
              >>
              >>
              >>
              >>
              >> ---------------------------------------------------------------------
              >> To unsubscribe, e-mail: asp-unsubscribe@...
              >> For additional commands, e-mail: asp-help@...
              >>
              >
              >
              >
              > ---------------------------------------------------------------------
              > To unsubscribe, e-mail: asp-unsubscribe@...
              > For additional commands, e-mail: asp-help@...
              >


              ---------------------------------------------------------------------
              To unsubscribe, e-mail: asp-unsubscribe@...
              For additional commands, e-mail: asp-help@...
            • Josh Chamas
              ... I might create a simple global session by using a domain cookie, and marking some field in the system accordingly. You could even reuse the random
              Message 6 of 6 , Jul 12, 2002
              • 0 Attachment
                Quentin Smith wrote:
                > Hi-
                > Although yes, Zope does provide session management of its own, it is not
                > automatically activated. I do not currently use it. In addition, I do
                > not want one server to think the user is logged in while the other
                > server thinks the session has expired. What I may do is create another
                > table in PostgreSQL to store the session ID and then have Zope and my
                > asp pages both access that. If Josh has any ideas on a cleaner way to do
                > this that is closer to what I originally intended, he can chime in when
                > he wakes up :)

                I might create a simple global "session" by using a domain cookie,
                and marking some field in the system accordingly. You could even
                reuse the random $Session->{SessionID} for this.

                So... ( MySQL SQL )

                update users set login_session_id = $Session->{SessionID},
                login_session_expires = now() + interval 1 day
                where username = ?

                ... then set global domain cookie that will be sent to both servers,
                over SSL only if you require this:

                $Response->{Cookies}{global_session_id} =
                {
                Secure => 1,
                Value => $Session->{SessionID},
                Expires => 86400,
                Domain => 'yourdomain.com',
                Path => '/'
                };

                You could try to have Zope read the sessions directly
                off disk, or put your sessions into the database with
                Apache::Session, but I would not recommend either of these
                things, because things could always break later when
                hacking into undocumented data structures. For example,
                I change the hashing implementation on Apache::ASP sessions
                from time to time for performance reasons, backwards compatible,
                but probably not with any work that you do to read them
                off disk.

                --Josh
                ________________________________________________________________
                Josh Chamas, Founder phone:714-625-4051
                Chamas Enterprises Inc. http://www.chamas.com
                NodeWorks Link Checking http://www.nodeworks.com


                ---------------------------------------------------------------------
                To unsubscribe, e-mail: asp-unsubscribe@...
                For additional commands, e-mail: asp-help@...
              Your message has been successfully submitted and would be delivered to recipients shortly.