[Zope] - pcgi, os.environ, and cookies

Jim Fulton jim@digicool.com
Tue, 29 Dec 1998 14:04:32 +0000


BScherer@mobile.bam.com wrote:
> 
> Hi,
> 
> I've got a bobo application that I've converted to run under the pcgi that comes with Zope 1.9 final.
> 
> The application uses a cookie based authentication/identification scheme.
> 
> The problem is that the app running under pcgi seems to maintain the environment under which it was started, which means that the cookie info never changes.  If I start the app as an authenticated user, anybody can get in; if I start it as a non-authenticated user, nobody can get in.  I've confirmed the static environ by logging it; it never changes.

Right.  os.environ never changes.  That's not where you should
get cookies.

> I'm using an old cookie.py module:
> # by Dave Mitchell (davem@magnet.com), 1995
> Maybe there is another way to get fresh cookies?

Yes, get them from Zope.  For example, if you want
a cookie named 'auth_cookie', you could:

- Include 'auth_cookie' in your function signature,

- Get REQUEST['auth_cookie'] or

- If you really want to make sure you are getting a cookie, 
  use REQUEST.cookies['auth_cookie']

Each request has its own environment.  This 
environment is used to create the corresponding
REQUEST object.

Jim

--
Jim Fulton           mailto:jim@digicool.com
Technical Director   (540) 371-6909              Python Powered!
Digital Creations    http://www.digicool.com     http://www.python.org

Under US Code Title 47, Sec.227(b)(1)(C), Sec.227(a)(2)(B) This email
address may not be added to any commercial mail list without my
permission.  Violation of my privacy with advertising or SPAM will
result in a suit for a MINIMUM of $500 damages/incident, $1500 for
repeats.
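
The failure described in this thread, reproduced as an added example (not code from the original messages or from Zope): one long-running process answers several requests, and an authentication check that reads `os.environ` sees only the cookie present at startup, while a check that reads the per-request environment sees each client's own cookie. The function names, the `VALID_TOKEN` value and the plain dict standing in for the request environment are assumptions made for illustration.

```python
import os
from http.cookies import SimpleCookie

VALID_TOKEN = "s3cr3t-session"   # constructed sample value


def cookie_from(environ, name):
    """Parse the CGI HTTP_COOKIE variable from the given mapping."""
    jar = SimpleCookie()
    jar.load(environ.get("HTTP_COOKIE", ""))
    return jar[name].value if name in jar else None


def is_authed_stale(request_environ):
    # Broken: ignores the per-request environment and reads the process
    # environment, which was fixed when the long-running process started.
    return cookie_from(os.environ, "auth_cookie") == VALID_TOKEN


def is_authed_per_request(request_environ):
    # Correct: uses only the environment delivered with this request.
    return cookie_from(request_environ, "auth_cookie") == VALID_TOKEN


def serve(requests, check, startup_cookie):
    """Simulate one long-running process handling several requests."""
    saved = os.environ.get("HTTP_COOKIE")
    os.environ["HTTP_COOKIE"] = startup_cookie   # state at process start
    try:
        return [check(env) for env in requests]
    finally:
        if saved is None:
            os.environ.pop("HTTP_COOKIE", None)
        else:
            os.environ["HTTP_COOKIE"] = saved


# Constructed requests: one logged-in client, one anonymous client.
REQUESTS = [
    {"HTTP_COOKIE": "auth_cookie=%s; theme=dark" % VALID_TOKEN},
    {"HTTP_COOKIE": "theme=light"},
]

if __name__ == "__main__":
    for start in ("auth_cookie=" + VALID_TOKEN, ""):
        print(repr(start), serve(REQUESTS, is_authed_stale, start),
              serve(REQUESTS, is_authed_per_request, start))
```

With the stale check, the result for every client is decided by whoever started the process; with the per-request check, the startup environment has no effect on the outcome.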