author | Aurelien Campeas <aurelien.campeas@logilab.fr> |
Wed, 22 Sep 2010 19:43:44 +0200 | |
branch | stable |
changeset 6311 | afd6a9e45489 |
parent 6298 | f4347f796908 |
child 6313 | b3fd91524132 |
permissions | -rw-r--r-- |
1714
a721966779be
new book layout, do not compile yet
sylvain.thenault@logilab.fr
parents:
diff
changeset
|
1 |
.. -*- coding: utf-8 -*- |
a721966779be
new book layout, do not compile yet
sylvain.thenault@logilab.fr
parents:
diff
changeset
|
2 |
|
a721966779be
new book layout, do not compile yet
sylvain.thenault@logilab.fr
parents:
diff
changeset
|
3 |
Sessions |
a721966779be
new book layout, do not compile yet
sylvain.thenault@logilab.fr
parents:
diff
changeset
|
4 |
======== |
a721966779be
new book layout, do not compile yet
sylvain.thenault@logilab.fr
parents:
diff
changeset
|
5 |
|
6311
afd6a9e45489
[doc/book] tell a more complete story on sessions and the authentication process
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
6298
diff
changeset
|
6 |
Sessions are object carrying the `.execute` method to query the data |
afd6a9e45489
[doc/book] tell a more complete story on sessions and the authentication process
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
6298
diff
changeset
|
7 |
sources. |
afd6a9e45489
[doc/book] tell a more complete story on sessions and the authentication process
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
6298
diff
changeset
|
8 |
|
afd6a9e45489
[doc/book] tell a more complete story on sessions and the authentication process
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
6298
diff
changeset
|
9 |
Kinds of sessions |
afd6a9e45489
[doc/book] tell a more complete story on sessions and the authentication process
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
6298
diff
changeset
|
10 |
----------------- |
afd6a9e45489
[doc/book] tell a more complete story on sessions and the authentication process
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
6298
diff
changeset
|
11 |
|
6298
f4347f796908
[doc/book] fix session types
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
5394
diff
changeset
|
12 |
There are two kinds of sessions. |
2112
df86450ca65d
[doc] a note on sessions
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
1714
diff
changeset
|
13 |
|
6311
afd6a9e45489
[doc/book] tell a more complete story on sessions and the authentication process
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
6298
diff
changeset
|
14 |
* `normal sessions` are the most common: they are related to users and |
2112
df86450ca65d
[doc] a note on sessions
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
1714
diff
changeset
|
15 |
carry security checks coming with user credentials |
df86450ca65d
[doc] a note on sessions
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
1714
diff
changeset
|
16 |
|
2539
0f26a76b0348
[doc] some more rewriting
Nicolas Chauvat <nicolas.chauvat@logilab.fr>
parents:
2112
diff
changeset
|
17 |
* `internal sessions` have all the powers; they are also used in only a |
2112
df86450ca65d
[doc] a note on sessions
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
1714
diff
changeset
|
18 |
few situations where you don't already have an adequate session at |
df86450ca65d
[doc] a note on sessions
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
1714
diff
changeset
|
19 |
hand, like: user authentication, data synchronisation in |
df86450ca65d
[doc] a note on sessions
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
1714
diff
changeset
|
20 |
multi-source contexts |
df86450ca65d
[doc] a note on sessions
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
1714
diff
changeset
|
21 |
|
2539
0f26a76b0348
[doc] some more rewriting
Nicolas Chauvat <nicolas.chauvat@logilab.fr>
parents:
2112
diff
changeset
|
22 |
.. note:: |
0f26a76b0348
[doc] some more rewriting
Nicolas Chauvat <nicolas.chauvat@logilab.fr>
parents:
2112
diff
changeset
|
23 |
Do not confuse the session type with their connection mode, for |
6311
afd6a9e45489
[doc/book] tell a more complete story on sessions and the authentication process
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
6298
diff
changeset
|
24 |
instance : `in memory` or `pyro`. |
afd6a9e45489
[doc/book] tell a more complete story on sessions and the authentication process
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
6298
diff
changeset
|
25 |
|
afd6a9e45489
[doc/book] tell a more complete story on sessions and the authentication process
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
6298
diff
changeset
|
26 |
Normal sessions are typically named `_cw` in most appobjects or |
afd6a9e45489
[doc/book] tell a more complete story on sessions and the authentication process
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
6298
diff
changeset
|
27 |
sometimes just `session`. |
afd6a9e45489
[doc/book] tell a more complete story on sessions and the authentication process
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
6298
diff
changeset
|
28 |
|
afd6a9e45489
[doc/book] tell a more complete story on sessions and the authentication process
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
6298
diff
changeset
|
29 |
Internal sessions are available from the `Repository` object and are |
afd6a9e45489
[doc/book] tell a more complete story on sessions and the authentication process
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
6298
diff
changeset
|
30 |
to be used like this: |
afd6a9e45489
[doc/book] tell a more complete story on sessions and the authentication process
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
6298
diff
changeset
|
31 |
|
afd6a9e45489
[doc/book] tell a more complete story on sessions and the authentication process
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
6298
diff
changeset
|
32 |
.. sourcecode:: python |
afd6a9e45489
[doc/book] tell a more complete story on sessions and the authentication process
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
6298
diff
changeset
|
33 |
session = self.repo.internal_session() |
afd6a9e45489
[doc/book] tell a more complete story on sessions and the authentication process
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
6298
diff
changeset
|
34 |
try: |
afd6a9e45489
[doc/book] tell a more complete story on sessions and the authentication process
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
6298
diff
changeset
|
35 |
# do stuff |
afd6a9e45489
[doc/book] tell a more complete story on sessions and the authentication process
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
6298
diff
changeset
|
36 |
finally: |
afd6a9e45489
[doc/book] tell a more complete story on sessions and the authentication process
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
6298
diff
changeset
|
37 |
session.close() |
afd6a9e45489
[doc/book] tell a more complete story on sessions and the authentication process
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
6298
diff
changeset
|
38 |
|
afd6a9e45489
[doc/book] tell a more complete story on sessions and the authentication process
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
6298
diff
changeset
|
39 |
.. warning:: |
afd6a9e45489
[doc/book] tell a more complete story on sessions and the authentication process
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
6298
diff
changeset
|
40 |
Do not forget to close such a session after use for a session leak |
afd6a9e45489
[doc/book] tell a more complete story on sessions and the authentication process
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
6298
diff
changeset
|
41 |
will quickly lead to an application crash. |
afd6a9e45489
[doc/book] tell a more complete story on sessions and the authentication process
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
6298
diff
changeset
|
42 |
|
afd6a9e45489
[doc/book] tell a more complete story on sessions and the authentication process
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
6298
diff
changeset
|
43 |
Authentication and management of sessions |
afd6a9e45489
[doc/book] tell a more complete story on sessions and the authentication process
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
6298
diff
changeset
|
44 |
----------------------------------------- |
afd6a9e45489
[doc/book] tell a more complete story on sessions and the authentication process
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
6298
diff
changeset
|
45 |
|
afd6a9e45489
[doc/book] tell a more complete story on sessions and the authentication process
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
6298
diff
changeset
|
46 |
The authentication process is a ballet involving a few dancers: |
afd6a9e45489
[doc/book] tell a more complete story on sessions and the authentication process
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
6298
diff
changeset
|
47 |
|
afd6a9e45489
[doc/book] tell a more complete story on sessions and the authentication process
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
6298
diff
changeset
|
48 |
* through its `connect` method the top-level application object (the |
afd6a9e45489
[doc/book] tell a more complete story on sessions and the authentication process
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
6298
diff
changeset
|
49 |
`CubicWebPublisher`) will (re-)open a session whenever a web request |
afd6a9e45489
[doc/book] tell a more complete story on sessions and the authentication process
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
6298
diff
changeset
|
50 |
comes in; it asks the `session manager` to open a session (giving |
afd6a9e45489
[doc/book] tell a more complete story on sessions and the authentication process
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
6298
diff
changeset
|
51 |
the web request object as context) using `open_session` |
2112
df86450ca65d
[doc] a note on sessions
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
1714
diff
changeset
|
52 |
|
6311
afd6a9e45489
[doc/book] tell a more complete story on sessions and the authentication process
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
6298
diff
changeset
|
53 |
* the session manager asks its authentication manager (which is a |
afd6a9e45489
[doc/book] tell a more complete story on sessions and the authentication process
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
6298
diff
changeset
|
54 |
`component`) to authenticate the request (using `authenticate`) |
afd6a9e45489
[doc/book] tell a more complete story on sessions and the authentication process
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
6298
diff
changeset
|
55 |
|
afd6a9e45489
[doc/book] tell a more complete story on sessions and the authentication process
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
6298
diff
changeset
|
56 |
* the authentication manager asks, in order, to its authentication |
afd6a9e45489
[doc/book] tell a more complete story on sessions and the authentication process
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
6298
diff
changeset
|
57 |
information retrievers, a login and an opaque object containing |
afd6a9e45489
[doc/book] tell a more complete story on sessions and the authentication process
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
6298
diff
changeset
|
58 |
other credentials elements (calling `authentication_information`), |
afd6a9e45489
[doc/book] tell a more complete story on sessions and the authentication process
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
6298
diff
changeset
|
59 |
giving the request object each time |
afd6a9e45489
[doc/book] tell a more complete story on sessions and the authentication process
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
6298
diff
changeset
|
60 |
|
afd6a9e45489
[doc/book] tell a more complete story on sessions and the authentication process
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
6298
diff
changeset
|
61 |
* the default retriever (bizarrely named |
afd6a9e45489
[doc/book] tell a more complete story on sessions and the authentication process
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
6298
diff
changeset
|
62 |
`LoginPaswordRetreiver`) will in turn defer login and password |
afd6a9e45489
[doc/book] tell a more complete story on sessions and the authentication process
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
6298
diff
changeset
|
63 |
fetching to the request object (which, depending on the |
afd6a9e45489
[doc/book] tell a more complete story on sessions and the authentication process
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
6298
diff
changeset
|
64 |
authentication mode (`cookie` or `http`), will do the |
afd6a9e45489
[doc/book] tell a more complete story on sessions and the authentication process
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
6298
diff
changeset
|
65 |
appropriate things and return a login and a password) |
1714
a721966779be
new book layout, do not compile yet
sylvain.thenault@logilab.fr
parents:
diff
changeset
|
66 |
|
6311
afd6a9e45489
[doc/book] tell a more complete story on sessions and the authentication process
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
6298
diff
changeset
|
67 |
* the authentication manager, on success, asks the `Repository` |
afd6a9e45489
[doc/book] tell a more complete story on sessions and the authentication process
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
6298
diff
changeset
|
68 |
object to connect with the found credentials (using `connect`) |
afd6a9e45489
[doc/book] tell a more complete story on sessions and the authentication process
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
6298
diff
changeset
|
69 |
|
afd6a9e45489
[doc/book] tell a more complete story on sessions and the authentication process
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
6298
diff
changeset
|
70 |
* the repository object asks authentication to all of its |
afd6a9e45489
[doc/book] tell a more complete story on sessions and the authentication process
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
6298
diff
changeset
|
71 |
sources which support the `CWUser` entity with the given |
afd6a9e45489
[doc/book] tell a more complete story on sessions and the authentication process
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
6298
diff
changeset
|
72 |
credentials; when successful it can build the cwuser entity, |
afd6a9e45489
[doc/book] tell a more complete story on sessions and the authentication process
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
6298
diff
changeset
|
73 |
from which a regular `Session` object is made; it returns the |
afd6a9e45489
[doc/book] tell a more complete story on sessions and the authentication process
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
6298
diff
changeset
|
74 |
session id |
afd6a9e45489
[doc/book] tell a more complete story on sessions and the authentication process
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
6298
diff
changeset
|
75 |
|
afd6a9e45489
[doc/book] tell a more complete story on sessions and the authentication process
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
6298
diff
changeset
|
76 |
* the authentication manager, on success, will call back _all_ |
afd6a9e45489
[doc/book] tell a more complete story on sessions and the authentication process
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
6298
diff
changeset
|
77 |
retrievers with `authenticated` and return its authentication |
afd6a9e45489
[doc/book] tell a more complete story on sessions and the authentication process
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
6298
diff
changeset
|
78 |
data (on failure, it will try the anonymous login or, if the |
afd6a9e45489
[doc/book] tell a more complete story on sessions and the authentication process
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
6298
diff
changeset
|
79 |
configuration forbids it, raise an `AuthenticationError`) |
afd6a9e45489
[doc/book] tell a more complete story on sessions and the authentication process
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
6298
diff
changeset
|
80 |