Anouther issues with Authenticating this way, the Django user is still
Anonymous although the REMOTE_USER is not:
<ModPythonRequest
path:/Login/,
GET:<MultiValueDict: {}>,
POST:<MultiValueDict: {}>,
COOKIES:{},
META:{'AUTH_TYPE': 'Basic',
'CONTENT_LENGTH': 0L,
'CONTENT_TYPE': None,
'GATEWAY_INTERFACE': 'CGI/1.1',
'HTTP_ACCEPT': '*/*',
'HTTP_ACCEPT_ENCODING': 'gzip, deflate',
'HTTP_ACCEPT_LANGUAGE': 'en',
'HTTP_AUTHORIZATION': 'Basic YnJILikeBeEROnSatURdayNA==',
'HTTP_HOST': 'localhost:8080',
'HTTP_MAX_FORWARDS': '10',
'HTTP_USER_AGENT': 'Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en)
AppleWebKit/412.7 (KHTML, like Gecko) Safari/412.5',
'HTTP_X_FORWARDED_FOR': '10.1.5.112',
'HTTP_X_FORWARDED_HOST': 'www.foo.com',
'HTTP_X_FORWARDED_SERVER': 'foo.com',
'PATH_INFO': '/',
'PATH_TRANSLATED': None,
'QUERY_STRING': None,
'REMOTE_ADDR': '127.0.0.1',
'REMOTE_HOST': None,
'REMOTE_IDENT': None,
'REMOTE_USER': 'bray',
'REQUEST_METHOD': 'GET',
'SCRIPT_NAME': None,
'SERVER_NAME': 'foo.com',
'SERVER_PORT': 0,
'SERVER_PROTOCOL': 'HTTP/1.1',
'SERVER_SOFTWARE': 'mod_python'},
user:AnonymousUser>'
So, request.user.is_anonymous() returns True.
I do know know what made me think
django.contrib.auth.handlers.modpython would start a session
automatically. Instead, it just gives Apache the ok to let the request
through to Django.
Would it be appropriate to take the HOST_USER from the request object
and just log the user in after the Apache Authentication by setting
request.session and request.user? More important, is this safe? If so,
this is fine by me.
Regards, Brian Ray
