BTW why does the callbacks with the cookie header not work with web2py
just like that? Is this some kind of Security Feature of web2py?
Thanks in advance.
Dieter Asman
On 11 Feb., 13:02, AsmanCom <d.as...@web.de> wrote:
> I´ve got an Application wich makes (url)callbacks to my web2py app and
> All these webhooks have a "Cookie:" header with a value identical to
> the browser that caused the request to be initiated.
> For for example it calls the web2py Controller with this "Cookie:"
> header:
>
> Cookie: session_id_myapp=127.0.0.1-2b77d424-4e72-4d3f-a0de-
> badbcdbe6a30
>
> In the called web2py controller I want to make the Authorization for
> this call, tried to like that:
>
> def connect():
>
> return response.json([auth.is_logged_in(), {"name": "Test"}])
>
> When called with the Browser, it returns:
> [true, {"name": "test"}]
>
> When called by the (url)callback, it returns:
> [false, {"name": "test"}]
>
> In this Controller I can simply grab the session_id:
>
> def get_session_test():
>
> if request.cookies.has_key(response.session_id_name):
> value = request.cookies[response.session_id_name].value
> return dict(session_id=value)
> else:
> return False
>
> How can I authorize these (url)callbacks by session_id?
>
> I´ve to query two values by the given session_id,
> 1. is_logged_in (boolean)
> 2. username or user email (string)
>
> But, how to obtain them?
>
> Or is there a better way to make the authorization for the
> (url)callbacks?
>
> Thank you in advance.
>
> Dieter Asman
