7 messages in com.googlegroups.pylons-discussRe: reconstruction session after a Fl...| From | Sent On | Attachments |
|---|---|---|
| k7lim | 27 Jun 2008 09:02 | |
| Ben Bangert | 27 Jun 2008 09:56 | |
| k7lim | 27 Jun 2008 10:14 | |
| Ben Bangert | 27 Jun 2008 10:31 | |
| k7lim | 27 Jun 2008 13:42 | |
| Ben Bangert | 27 Jun 2008 14:13 | |
| k7lim | 27 Jun 2008 15:16 |
| Subject: | Re: reconstruction session after a Flash-based file upload |
|---|---|
| From: | k7lim (k7l...@gmail.com) |
| Date: | 06/27/2008 01:42:15 PM |
| List: | com.googlegroups.pylons-discuss |
Hey Ben,
I'm starting to get the hang of this. However, I'm getting None back for my get_by_id(sessionID) call. My hunch is that the reason is something else you stated: I'm not actually passing the sessionID, as I'd assumed. I'm passing a long hex string (len is 72). Perhaps this is the hash that you'd mentioned? Re-reading the swfupload docs, it's passing the contents of the cookie as a param.
Also, I'm breaking on this line: pylons.request.environ['pylons.pylons'] it's saying no such key... hmmm
I put the code you specified in the __before__ method of my basecontroller, because you said it had to come as early as possible...
Getting closer...!
-Kevin
On Jun 27, 1:31 pm, Ben Bangert <b....@groovie.org> wrote:
On Jun 27, 2008, at 10:14 AM, k7lim wrote:
Thanks for the quick reply, Ben. Once I have that oldsession, how do I "install" it as the current one that the system can act on?
You need to register it as the object that should be used as pylons.session like so:
import pylons
# Get the new session by sessionID newsession = pylons.session.get_by_id(sessionID)
# Load the registry and replace our global session with the new one registry = pylons.request.environ['paste.registry'] registry.register(pylons.session, newsession)
# Also replace the other session reference to look to the new one pylons_obj = pylons.request.environ['pylons.pylons'] pylons_obj.session = newsession
That will replace all references to the old requests session, with your new one. I'd suggest adding that to your lib/base.py so that its replaced as early as possible. Also, to at least make it a little more secure, rather than having just the session ID in the POST var, you might try adding a SHA-1 hash to it so that people can't alter it on you. This is how the session ID is signed in cookies to prevent people from changing the session ID to try and spoof other sessions.
Cheers, Ben
smime.p7s 3KDownload
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"pylons-discuss" group.
To post to this group, send email to pylo...@googlegroups.com
To unsubscribe from this group, send email to
pylo...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/pylons-discuss?hl=en
-~----------~----~----~----~------~----~------~--~---