0

Is there a way to catch the contents of the PHP session variable $_SESSION['user_id'] with a mod_wsgi Python script? I'm running a script in the background that will decide whether or not the user may proceed to view the document.

I would like to do something like this:

def allow_access(environ, host):
    allow_access = False

    if environ['SCRIPT_NAME'] == 'forbidden_dir':
        if session['user_id'] == '1':
            allow_access = True

    if allow_access:
        return True
    else:
        return False

Is it possible?

Improve this question
5
  • do you use both php and python on the server? Commented Oct 2, 2009 at 14:20
  • FYI. SCRIPT_NAME is not available from mod_wsgi access hook. You would need to use Location directive in Apache configuration to restrict access hook to a specific URL context. Commented Oct 2, 2009 at 23:15
  • SilentGhost: Yes, the application is written in PHP because I started to learn Python after I started to write the app. Commented Oct 3, 2009 at 7:34
  • Graham: Could you point me to any tutorials on using the access hook? The official docs didn't provide much info :) Commented Oct 3, 2009 at 7:35
  • Location and Directory directives are Apache directives, so you need to see Apache documentation for how to use Location directive. BTW, you also should not check REQUEST_URI in an access hook either as it is unprocessed form and any checks against it could fail if expecting it to always be a certain value unless you are going to perform all the HTTP decoding of it first. If you feel that available documentation isn't enough, then use the official mod_wsgi list on Google groups referenced from the mod_wsgi site to ask questions. Commented Oct 4, 2009 at 5:28

2 Answers 2

Reset to default
3

If it's possible, it's not easy; apache stores session variables in files in a special format.

Your best option might be to write a php page that prints all session variables. (Hard-code it to only serve to localhost.) Open the url to that page from within your python script. Add a header to the url request with the session info. Then, once the php page is loaded in Python, parse the input.

Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

I think you will definitely need to have Python call your PHP pages as the $_SESSION vars are really an artifact of PHP, rather than Apache.
Aha, that would probably work well. I can see the solution clearly :)
3

please don't do this:

if allow_access:
    return True
else:
    return False

when you can do: return allow_access.

Improve this answer

1 Comment

Sorry, I have no idea what I was thinking. :/

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.