Advice on deploying wsgi app using jsonfas

[Mike McGrath]

On Mon, 30 Jun 2008, Robin Norwood wrote:

> Hi,
>
> So I'm working to get amber packaged and deployable as a wsgi app so I
> can run a demo on publictest10.  I've made pretty fair progress getting
> things up and running (on my local system first to make sure it works),
> but I've run into an issue.
>
> For the setup, I'm basically ripping off the way Ricky Zhou set up fas
> wholesale.  I have an amber.conf file in /etc/httpd/conf.d, which
> refers to an amber.wsgi file.  All of that seems to work fine.  The
> problem happens when I try to connect.  I get a 500 error with the
> following in httpd's error log:
>
> Unable to write to session file /var/www/.fedora_session: [Errno 13]
> Permission denied: '/var/www/.fedora_session'
>
> Well, it turns out that this is because my app is using jsonfas, which
> uses fedora.client.BaseClient.  In fedora/client/__init__.py, I find:
>
> SESSION_FILE = path.join(path.expanduser('~'), '.fedora_session')
>
> Which explains the error - my app is running under apache, and
> while /var/www is apache's homedir, apache can't write to that
> directory.
>
> So, as anyone else worked around this with another turbogears app
> running under wsgi and using jsonfas?  Since turbogears and fas are
> both pretty common, it seems likely that someone here has already dealt
> with this.

Does your application prompt users for their username and password or does
it have one listed in the configs somewhere to access fas?  I'm not
familiar with the .fedora_session format, does it store everyone's
sessions?

I'm asuming that if someone had access to it they'd be able to become
whoever was logged in at that time.  Probably to other applications as
well.  I'd like to hear Toshio's advice on this, I believe he's the
primary architect of how .fedora_session should behave

	-Mike