0

I am maintaining a web application built in Python.

Access control for the app is handled at the Apache layer (using the Apache htpasswd file).

Right now, the app works the same no matter who is using it. The app doesn't even know who is logged in. But now I need to add a feature to the app that requires knowing who is logged in.

So the question is this: is there some way to access the Apache session information and see the user name of the user logged in on this session?

Of course I could completely redo the security model so that the app handles user login, but if there is any way to just access the Apache info, that will save me lots of work.

Thanks in advance!

1
  • What framework are you using? Commented Dec 9, 2013 at 18:01

1 Answer

1

If you are using Basic Auth, you can check the Authorization HTTP header:

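>>> import base64
>>> request.headers["Authorization"]
'Basic YWRtaW46aHVudGVyMg=='
>>> # str.decode("base64") exists only on Python 2; base64.b64decode works on 2 and 3
>>> base64.b64decode(request.headers["Authorization"].partition(" ")[2]).decode("utf-8")
'admin:hunter2'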

Alternatively, you can check the REMOTE_USER environment variable (although this isn't guaranteed to be set in the same way that the Authorization header will be):

>>> import os
>>> os.environ['REMOTE_USER']
'admin'
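
An added example, not part of the original answer: one way to combine the two lookups above so the app receives only the user name and never handles the password. It assumes the app is served over WSGI, where REMOTE_USER and the Authorization header arrive in the per-request `environ`; the function names and sample values are hypothetical.

```python
import base64


def basic_auth_username(header):
    """Return the user name from a Basic Authorization header, or None."""
    if not header:
        return None
    scheme, _, token = header.partition(" ")
    if scheme.lower() != "basic" or not token:
        return None  # Digest, Bearer, etc. are not handled here
    try:
        # validate=True rejects characters outside the base64 alphabet.
        # binascii.Error and UnicodeDecodeError are both ValueError subclasses.
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except ValueError:
        return None
    # Split on the first colon only: the password may itself contain colons.
    # The password is discarded so it cannot leak into logs or templates.
    username, sep, _password = decoded.partition(":")
    return username if sep and username else None


def authenticated_user(environ):
    """Return the user Apache authenticated for this request, or None.

    REMOTE_USER is preferred because Apache sets it only after checking the
    credentials. The header is a fallback and is trustworthy only when every
    request to the app has already passed Apache's authentication.
    """
    user = environ.get("REMOTE_USER")
    if user:
        return user
    return basic_auth_username(environ.get("HTTP_AUTHORIZATION"))


# Constructed sample WSGI environs (not captured from a real server).
SAMPLE_REMOTE_USER = {"REMOTE_USER": "admin"}
SAMPLE_HEADER_ONLY = {"HTTP_AUTHORIZATION": "Basic YWRtaW46aHVudGVyMg=="}
SAMPLE_MALFORMED = {"HTTP_AUTHORIZATION": "Basic not-base64!"}

if __name__ == "__main__":
    for env in (SAMPLE_REMOTE_USER, SAMPLE_HEADER_ONLY, SAMPLE_MALFORMED, {}):
        print(authenticated_user(env))
```

Under mod_wsgi the Authorization header is not passed to the application unless `WSGIPassAuthorization On` is configured, so REMOTE_USER is usually the value that is actually present.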