Geek Answers Handbook

Google AppEngine: User Authentication

The way I authenticate my users on AppEngine with Google Accounts is great.

However, I need to use my authentication system to log in .

I will have an AppUsers table with usernames and encrypted passwords.

I read something about gae sessions, but I need help starting my application security.

How can I track an authenticated user session? Cookie setting?

Newbie.

+8
java security authentication google-app-engine
source share
1 answer

You can use cookies to do this ... It's really not that difficult. You can use a cookie to track an authenticated user and store the session key in gae datastore.

There is an example (it just shows the main idea, I can not guarantee that the code can be used directly)

Table of main users:

# simply add an property to store the session key class User(db.Model): username = db.StringProperty() password = db.StringProperty() session = db.StringProperty()

Input function

 # Do the following step: # 1. make sure user provide correct username and password # 2. generate a random session key # 3. store the session key to datastore # 4. set the session key and user name in cookie class LoginAPI( Webapp.RequestHandler ): def get(self): username = self.getVar( 'username', username ) password = self.getVar( 'password', password ) user = User.all().filter("username = ", username).get() password = encrypted_the_password(password) # encrypted your password with your own method! if user.password == password: # User login successfually session = generate_random_session_key() # generate your session key here user.session = session user.put() expires_time = decide_your_expires_time() # decide how long the login session is alive. cookie_time_format = "%a, %d-%b-%Y %H:%M:%S GMT" expires_datetime = datetime.datetime.fromtimestamp(expires_time) # set cookie as session self.response.headers.add_header( "Set-Cookie", "user=%s; expires=%s; path=/" % ( user.username,expires_datetime.strftime( cookie_time_format ) ) ) self.response.headers.add_header( "Set-Cookie", "session=%s; expires=%s; path=/" % ( user.session, expires_datetime.strftime( cookie_time_format ) ) ) else: #User login failed pass

Exit function

 # Remove the previous cookie info class LoginAPI( Webapp.RequestHandler ): def get(self): # remove the cookie self.response.headers.add_header( "Set-Cookie", "user=%s; expires=%s; path=/" % ( "",expires_datetime.strftime( cookie_time_format ) ) ) self.response.headers.add_header( "Set-Cookie", "session=%s; expires=%s; path=/" % ( "", expires_datetime.strftime( cookie_time_format ) ) )

When you need a user login

 # Get the session info from cookie. If the session info match the info stored in datastore # Then user authenticate successfully. class SomePage(Webapp.RequestHandler): def get(self): # get cookie info username_from_cookie = self.request.cookies.get("user", "") session_from_cookie = self.request.cookies.get("session", "") if username_from_cookie and session_from_cookie: user = User.all().filter("username = ", username_from_cookie).get() if user.session == session_from_cookie: # the user is login correctly pass else: # the user is not login pass else: # the user is not login pass
+6
source share

More articles:


All Articles