On Wed, Dec 10, 2003 at 03:42:49PM +1100, Stuart Hungerford wrote:
-> Hi all,
->
-> I have a collection of simple-ish HTML pages generated by PTL
-> callables which seem to be working ok.  I'd like to add
-> username/password protection to a subset of these pages,
-> hopefully without changing them too much.
->
-> What are the "idiomatic" Quixotic ways of approaching this
-> task?

Use SessionPublisher and _q_access.

That is, implement sessions and add a 'validated' (or 'authorized' or whatnot)
flag to each session, defaulting to False.  Then have the login pages set
this flag to True, and add a _q_access function at the top of the protected
hierarchy that checks this flag and raises and exception if it's not set.

See 'programming.txt' in the docs for more info on _q_access, and
'sessions.txt' for implementing sessions.  The most difficult part will
be making your sessions persistent, if you want to do that.  I don't
think you will need to do this as long as you have your site running
in a single process, but then restarting your Web server will flush your
sessions/logins.

cheers,
--titus