tags:

views:

499

answers:

3
+7  Q: 

Google app engine users Auth: djangoappengine Vs Web2py Vs Webpy

I'm going to develop a small web application on Gae with a registration section, login\logout and stuff like that.
Since Google app Engine does not support session out of the box and i don't want to restrict access using google Accounts, i am forced to pick a Framework that offers this kind of facilities.

My choices are:

  1. Web2py
  2. Djangoappengine
  3. Webpy

Reading its book, Web2py seems to offer session object and has a good access control, offering an Auth class that implements Role-Based Access Control.

I don't know Djangoappengine yet but i suppose it offers Django Auth.

Webpy works on appengine but has not any official way to handle session on GAE.

If you have used these frameworks, do you mind to share you experience building a private site section on Google app engine?

+4  A: 

web2py authentication works out of the box on Google App Engine. The only difference when running on GAE vs other platform is that on GAE sessions are saved in the datastore and not the filesystem.

The scaffolding application already has auth setup to work on gae.

Caveat: GAE needs to know which indexes to build. Unless you know how to edit web2py/index.yaml manually, you must run the app locally with dev_appserver and run all the auth options (register, login, logout, reset password, change password, edit profile, etc.) then deploy. By running the app locally once, queries are executed and dev_appserver can figure out which indexes it needs upon deployment.

web2py also has gluon/contrib/login_methods that are plugin modules for auth (ldap, pam, gmail, linkedin, ...). Some of them also work on GAE, some do not (for example there is no ldap and no pam on GAE).

mdipierro  2010-07-14 12:06:52
+1  A: 

App Engine now supports OpenID Authentication. Why not use that?

Nick Johnson  2010-08-07 14:12:51
@Nick OpenID is cool and we will support it. What i want is a session object and i don't know why Gae Python does not offer it out of the box. (GaeJ has HttpSession)
systempuntoout  2010-08-08 07:59:52
Are you asking about authentication, or sessions, then? If you use the built in authentication, you probably don't need explicit sessions: you can simply associate any relevant data with the user's credentials.
Nick Johnson  2010-08-08 10:18:34
@Nick i agree that my question is a little bit misleading; I'm searching for a session solution on Gae and as example i used the classic login\logout problem. Reading your post http://blog.notdot.net/2010/02/Webapps-on-App-Engine-Part-5-Sessions i found this project that looks promising wiki.github.com/dound/gae-sessions/….
systempuntoout  2010-08-09 14:00:54
A: 

Hi I was reading your problem. I found somewhat similar to my problem. I am quite new to answer to your problem. But I have question related to it.

Is it possible that I am having apps on GAE, which uses the google account authentication, and only allow users who are in some sort of access control list.

regards, Alok

Alok  2010-09-07 20:23:26

related questions

What is typically the length of your optimal coding session?
What's the most current, good practice, and easiest way to use sessions in PHP?
What can cause an ASP.NET worker process to be recycled?
How do I explicitly set asp.net sessions to ONLY expire on closing the browser or explicit logou?
session variable mixup in ASP.NET?
In Classic asp, can I store a database connection in the Session object?
What are the advantages and disadvantages of the Session Façade Core J2EE Pattern?
Different values of GetHashCode for inproc and stateserver session variables
Best way for allowing subdomain session cookies using Tomcat
Is there a way to specify a different session store with Tomcat?
PHP: $_SESSION - What are the pros and cons of storing temporarily used data in the $_SESSION variable
What is the best way to handle sessions for a PHP site on multiple hosts?
How much data can/should you store in a users session object?
ASP.Net Session_Start event not firing
Logging image downloads
ASP.Net: If I have the Session ID, Can I get the Session object?
Secure session cookies in ASP.NET over HTTPS
Django Sessions
Can I put an ASP.Net session ID in a hidden form field?
Always including the user in the django template context
Rails - recovering database from Production.log
Most efficient way to get data from the database to session
What is the best way to prevent session hijacking?
FOSS ASP.Net Session Replication Solution?
How do I best detect an ASP.NET expired session?