Hi, I'm writing code for a media server and I want to serve static
files to authenticated users only. I check against Django's session
table (django_session) and that's OK (IMO), but session_data doesn't
appear to contain the user id, and I need it for security reasons. So
I'm sending you what I have so far; I'd really appreciate it if someone
could help me a bit.

  Many thanks!


PS: Greetings from Chile.
-- 
http://www.advogato.org/person/mgonzalez/


from mod_python import apache, Cookie
from os import environ

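def accesshandler(req, **kwargs):
    """
    mod_python access handler that checks the request's ``sessionid``
    cookie against Django's ``django_session`` table.

    Returns ``apache.HTTP_FORBIDDEN`` when the ``DJANGO_SETTINGS_MODULE``
    option is missing, when the request carries no ``sessionid`` cookie,
    or when no unexpired session row with non-empty data matches it.

    The handler is unfinished: once a session is found it writes the
    decoded session data to the response and returns
    ``apache.HTTP_UNAUTHORIZED``, so no request is granted access yet.
    """

    options = req.get_options()
    settings_module = options.get('DJANGO_SETTINGS_MODULE', None)
    if not settings_module:
        return apache.HTTP_FORBIDDEN
    # Django reads its settings module name from the process environment.
    environ['DJANGO_SETTINGS_MODULE'] = settings_module

    cookies = Cookie.get_cookies(req)
    if 'sessionid' not in cookies:
        return apache.HTTP_FORBIDDEN
    # The cookie value is fully client-controlled; treat it as untrusted.
    django_sessionid = cookies['sessionid'].value

    # Imported only after DJANGO_SETTINGS_MODULE has been set above.
    from django import db
    db.reset_queries()

    cursor = db.connection.cursor()
    # The session key is passed as a bound parameter, never interpolated
    # into the SQL text: building the statement with ``%`` let any client
    # inject SQL through the cookie value.
    sql = """
          SELECT session_data
          FROM django_session
          WHERE expire_date > now()
           AND session_key = %s
    """
    cursor.execute(sql, [django_sessionid])
    session = cursor.dictfetchone()

    # An unknown or expired key yields no row; guard against that before
    # subscripting (assumes dictfetchone() returns None then -- confirm
    # for the backend in use).
    if session is None or not session['session_data']:
        return apache.HTTP_FORBIDDEN

    import base64
    a = base64.decodestring(session['session_data'])

    # NOTE(review): the decoded value is Django's serialized session
    # payload, not plain text, which is why no user id is readable in it.
    # Read the owner through Django's session API (Session.get_decoded()
    # and the '_auth_user_id' key -- confirm against the Django version
    # in use) so the integrity check is applied; do not unpickle the
    # blob by hand.
    # NOTE(review): debug output -- this sends server-side session state
    # to the client and should be removed before deployment.
    req.write(a)

    # NOTE(review): placeholder result; even a valid session is refused.
    return apache.HTTP_UNAUTHORIZED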
