Q: How to pass session information from outside into Zope?
Hi, how do I transfer session (or authentication) information from a non-Zope site (PHP or else) to a Zope site? Cookies just work on the same site, hidden fields just work for 'post's. So I'll probably have to pass the information in the URL. My Q: How do I get Zope to strip and evaluate the id information I pass in the URL string, even if the Zope object I'm calling is not explicitly prepared to do that (i.e. it is no DTML method that has code for this)? Zope URLs are often created on the fly (db query), so the handling of the id string in the URL has to be acquired by some inheritance magic, I guess. Any ideas how to solve this? The inted is that the user doesn't have to login twice (the session id could be stored in a common db). Avus ____________________________________________________________________ Get your own FREE, personal Netscape WebMail account today at http://webmail.netscape.com.
At 22:25 24-10-99 , Avus wrote:
Hi,
how do I transfer session (or authentication) information from a non-Zope site (PHP or else) to a Zope site?
Cookies just work on the same site, hidden fields just work for 'post's. So I'll probably have to pass the information in the URL. My Q: How do I get Zope to strip and evaluate the id information I pass in the URL string, even if the Zope object I'm calling is not explicitly prepared to do that (i.e. it is no DTML method that has code for this)? Zope URLs are often created on the fly (db query), so the handling of the id string in the URL has to be acquired by some inheritance magic, I guess.
Any ideas how to solve this? The inted is that the user doesn't have to login twice (the session id could be stored in a common db).
You could use __bobo_traverse__ or __get_item__ for this. It'll enable URLs like: http://your.zope.server/Session/0x1234/SQLMethod/city/New%20York/ where Session is an instance of a Python class you've written. It's __bobo_traverse__ method will be called with the 0x1234 part of the URL and the REQUEST object, while __get_item__ will only get the 0x1234 part. See lib/python/Shared/DC/ZRDB/DA.py for an example, the second part of my example URL is implemented there (ZSQL Methods support direct traversal). -- Martijn Pieters, Web Developer | Antraciet http://www.antraciet.nl | T: +31 35 7502100 F: +31 35 7502111 | mj@antraciet.nl http://www.antraciet.nl/~mj | PGP: http://wwwkeys.nl.pgp.net:11371/pks/lookup?op=get&search=0xA8A32149 ---------------------------------------------
Martijn Pieters wrote:
At 22:25 24-10-99 , Avus wrote:
How do I get Zope to strip and evaluate the id information I pass in the URL string, even if the Zope object I'm calling is not explicitly prepared to do that (i.e. it is no DTML method that has code for this)? Zope URLs are often created on the fly (db query), so the handling of the id string in the URL has to be acquired by some inheritance magic, I guess.
You could use __bobo_traverse__ or __get_item__ for this. It'll enable URLs like:
http://your.zope.server/Session/0x1234/SQLMethod/city/New%20York/
Alternatively, if you don't want to write a new class and are willing to use alpha code, you can accomplish this with the SiteAccess Product. With SiteAccess, you would create an empty folder called 'Session' and place a single method in it (DTML Method will do fine) called 'SetSession' for example. Then "Set Access Rule" to 'SetSession'. One way to write this method would be: <dtml-unless "REQUEST.path[0][:6]=='manage'"> <dtml-if "_.int(REQUEST.path[-1])>0"> <dtml-call "REQUEST.set('SessionID', REQUEST.path.pop())"> <dtml-call "REQUEST.setURL(path=_.string.join(REQUEST.steps, '/')+'/'+SessionID)"> <dtml-else> <dtml-raise type="Invalid">Invalid Session ID!</dtml-raise> </dtml-if> </dtml-unless> This method does nothing if our URL ends in '/manage*', and complains if the Session ID is not a positive integer. Otherwise, it takes the Session ID off of the traversal stack (pop()) and stores it in a REQUEST variable. Finally, it resets the current URL to put the Session ID back in, so that it will appear in generated links. The blank lines (one, anyway) are necessary to prevent the DTML Method from complaining about truncated headers. Evan
participants (3)
-
Avus -
Evan Simpson -
Martijn Pieters