Mod_python, jsonrpc and sessions

Discussion in 'Python' started by p3dda.adam@googlemail.com, Jan 14, 2009.

  1. Guest

    Hi,

    I've got a python web-application being served by apache via
    mod_python, in which the users sessions are tracked via the mod_python
    Session module.
    Some of websites generated contain a java-script function which starts
    a jsonrpc call to the same server and gets further data or stores
    something to a database (AJAX). The server-sided jsonrpc functions are
    written in python as ServiceMethods.

    As I need to identify the user issuing the rpc call, I'm wondering if
    there is any possibility to access the session created by the
    previosly called mod_python Handler-method. In mod_python it is
    accessed using the mod_python request object, but in the rpc
    servicemethod I don't have such an object. So how can I track the rpc
    caller?

    Any ideas and hints appreciated.
    Peter
    , Jan 14, 2009
    #1
    1. Advertising

  2. lkcl Guest

    On Jan 14, 4:47 pm, wrote:
    > Hi,
    >
    > I've got a python web-application being served by apache via
    > mod_python, in which the users sessions are tracked via the mod_python
    > Session module.
    > Some of websites generated contain a java-script function which starts
    > a jsonrpc call to the same server and gets further data or stores
    > something to a database (AJAX). The server-sided jsonrpc functions are
    > written in python as ServiceMethods.
    >
    > As I need to identify the user issuing the rpc call, I'm wondering if
    > there is any possibility to access the session created by the
    > previosly called mod_python Handler-method. In mod_python it is
    > accessed using the mod_python request object, but in the rpc
    > servicemethod I don't have such an object. So how can I track the rpc
    > caller?


    the only way to store "session" info reliably is: cookies.

    therefore, the code in one part of the application _will_ have to
    store a session cookie as an identifier, and you can track the name of
    that cookie through the source code that created it. or look in the
    source code for anything beginning with the word "session". "grep -
    ril" is your friend.

    also, if the app stores its session authentication information in a
    database, you can look through the app for the database table name.

    if you don't _know_ the database table name, and are having
    difficulty finding out because the design of the app is SHITE then you
    can do a dump of the database _before_ a session login, and a dump
    afterwards, and then diff is your friend. if the database is mysql,
    add --extended-insert=no (something like that) to the mysqldump
    command otherwise you will have a bitch-awful job identifying the
    right line.

    i've done this when working with fricking-joomla, integrating it with
    django. fireboard. i had to hunt through the php code looking for
    the database user-session.

    once you have the session info, that's your "user tracking" function
    in the rpc calls.

    none of the above is particularly rocket science - or actually
    anything to do with python: it's a simple matter of applying
    investigative techniques logically working from how the technology
    _should_ work and then bludgeoning it into submission to tell you what
    the hell's going on.

    l.
    lkcl, Jan 14, 2009
    #2
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. vk02720

    question on Ajax/jsonrpc

    vk02720, Sep 4, 2006, in forum: Java
    Replies:
    1
    Views:
    462
    John Bailo
    Sep 26, 2006
  2. blbmdsmith
    Replies:
    1
    Views:
    628
    Graham Dumpleton
    Dec 14, 2006
  3. Replies:
    0
    Views:
    342
  4. Luke Kenneth Casson Leighton

    [ANN] git JSONRPC web service and matching pyjamas front-end

    Luke Kenneth Casson Leighton, Jun 29, 2010, in forum: Python
    Replies:
    3
    Views:
    401
  5. vk02720

    question on Ajax/jsonrpc

    vk02720, Sep 4, 2006, in forum: Javascript
    Replies:
    1
    Views:
    92
    John Bailo
    Sep 26, 2006
Loading...

Share This Page