到目前为止没有回应,所以我能做的最好的事情就是确认它确实在身体上有效。有关如何设置Flex Builder来编写与Django页面模板通信的html-wrappers的详细信息,请参阅my other post。以上用的是前述的组合来实现,以及:
制造一个SessionAlias
模型:
class SessionAlias(models.Model):
alias = models.CharField(max_length=40, primary_key=True)
session = models.ForeignKey(Session)
created = models.DateTimeField(auto_now_add=True)
弯曲点到一个Django页面经由视图负载包含:
s = SessionAlias()
s.alias = SessionStore().session_key // generates new 40-char random
s.session = Session.objects.get(session_key=request.session.session_key)
s.save();
randomcookie = SessionStore().session_key // generates new 40-char random
kwargs['extra_context']['randomcookie'] = randomcookie
response = direct_to_template(request, **kwargs)
response.set_cookie(randomcookie, value=alias)
在flex html-wrapper,其中randomcookie是查找别名的位置:
<param name="flashVars" value="randomcookie={{randomcookie}}" />
在applicationComplete
,我们得到randomcookie并找到别名,并登录使用:
var randomcookie:String = this.parameters["randomcookie"];
// randomcookie is something like "abc123"
var js:String = "function get_cookie(){return document.cookie;}";
var cookies:String = ExternalInterface.call(js).toString();
// cookies looks like "abc123=def456; sessionid=ghi789; ..."
var alias:String = // strip out the "def456"
mynetconnection.call("loginByAlias", alias, successFunc, failureFunc);
这反过来又访问这个PyAMF的网关RPC:
from django.contrib.auth import SESSION_KEY, load_backend
from django.contrib.auth.models import User
from django.contrib import auth
from django.conf import settings
def loginByAlias(request, alias):
a = SessionAlias.objects.get(alias=alias)
session_engine = __import__(settings.SESSION_ENGINE, {}, {}, [''])
session_wrapper = session_engine.SessionStore(a.session.session_key)
user_id = session_wrapper.get(SESSION_KEY)
user = User.objects.get(id=user_id)
user.backend='django.contrib.auth.backends.ModelBackend'
auth.login(request, user)
a.delete()
return whateverToFlash
而在这一点上,在flash/flex侧,该特定mynetconnection
保留了会话cookie状态,可以进行未来呼叫,以便在网关内部,request.user
是首先登录到网页的正确验证用户。
再次请注意,flex的运行/调试设置必须使用https以及NetConnection
的网关设置。当发布这个时,我必须确保已通过身份验证的用户继续使用https。
任何人的进一步信息,将不胜感激,尤其是如果有对这个安全方面真实的反馈...