[albatross-users] Session Variables not saved

Sheila King sheila at thinkspot.net
Sat Jul 12 18:21:52 EST 2003 

--On Friday, July 11, 2003 10:43 PM -0700 Sheila King 
<sheila at thinkspot.net> wrote:

> I am still having serious difficulties with my application since
> the  upgrade to Albatross 1.10pre2.
>
> I am using RandomApp with Server side file sessions.
[snip]
>
> But now it appears that my session/authentication code is all fubar.
>
> The thing is, I finally figured out tonight, that even though I am
> (in my code) adding session vars to the session, they do not appear
> to be saved.
>
> I am working on making a stripped down example of my code to show
> this ...

OK, here is the stripped down example. It's ugly, but I think 
demonstrates my point...

Code is available here:
http://www.mathxy.com/temp/

The .zip file contains all the files without the .txt extensions (if 
you want the whole thing to run for yourself)

Working example is available here:
http://mathxy.com/cgi-bin/test/mgr.py

account number = 123456
email = test at example.com
passwd = test1234

All of the local variables and session vars are displayed to the page.

What is so weird is that the session vars do contain
_last_access
_authstatus

as session variables when the login page is first displayed

But then when you log in and go to the expired page (which is an 
error...it should take you to the Main Account page, but this doesn't 
work right...is my problem I'm trying to solve...)

Notice that the _last_access and _authstatus are no longer session 
variables.

And what is weird is that there is no place in the code where I am 
removing the session or deleting any session variables. So how did 
those variables get removed from the session?

I believe that the reason my authentication code no longer works, is 
because the _last_access variable is no longer stored in the session.

If I'm doing something stupid here, OK...but I don't think so. This 
code (or something darn similar to it) worked fine with the last 
version of Albatross. I am beating my head against a wall here to 
figure out why.

One thing that I thought was possible, is that it is happening in the 
"redirect" as I know that the account gets validated long enough to 
go into the main.py file but when it rechecks for validation there, 
it fails and redirects to the expired page.

Basic process is:

mgr.py <-- main application
login.py <-- start page module
line 15 of login.py is apparently successfully authenticating the 
account
line 20 in login.py is redirecting to main.py
line 5 of main.py is determining that the authentication is not valid
line 6 of main.py is redirecting to expired.py

That's what's happening now. Authentication check should *not* be 
failing in main.py line 5.

:\


-- 
Sheila King
http://www.thinkspot.net/sheila/
http://www.k12groups.org

More information about the Albatross-users mailing list