On Jun 28, 2:01 pm, Alberto Valverde <[EMAIL PROTECTED]> wrote:
> One problem I see is that this might cause trouble in cases like this:
>
> Request
> |
> V
> db transaction middleware -> creates session A
> |
> V
> authentication middleware -> authenticates user and keeps ref to User
> instance (attached to session A)
> |
> V
> other middleware and PylonsApp
> |
> V
> TG controller -> creates session B inside __call__
> |
> V
> authorization library tries to check permissions for mapped Foo
> instance (attached to session B) which has an owner attribute:
>
> foo.owner (sess B) == logged_in_user (sess A)

You generally should not share objects between sessions; things will
break. For example, the right way to use the user from session A in
session B would be:

    foo.owner = sessionb.merge(user_from_sessiona)
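The ownership check from the quoted diagram and the merge() fix from the reply, written out as an added example that is not part of the original thread. It assumes SQLAlchemy 1.4 or later; the User/Foo models, the in-memory SQLite data and the owner_check_* helper names are constructed for illustration, and the primary-key comparison is an extra alternative not mentioned in the thread.

```python
from sqlalchemy import Column, ForeignKey, Integer, String, create_engine
from sqlalchemy.orm import declarative_base, relationship, sessionmaker
from sqlalchemy.pool import StaticPool

Base = declarative_base()

class User(Base):
    __tablename__ = "users"
    id = Column(Integer, primary_key=True)
    name = Column(String)

class Foo(Base):
    __tablename__ = "foos"
    id = Column(Integer, primary_key=True)
    owner_id = Column(Integer, ForeignKey("users.id"))
    owner = relationship(User)

# Constructed sample data in one shared in-memory SQLite database.
engine = create_engine("sqlite://", poolclass=StaticPool,
                       connect_args={"check_same_thread": False})
Base.metadata.create_all(engine)
Session = sessionmaker(bind=engine)
with Session() as setup:
    setup.add(Foo(id=1, owner=User(id=1, name="alice")))
    setup.commit()

def owner_check_naive(foo, user):
    # Mapped classes define no __eq__, so == is an identity test. The same
    # row loaded by two sessions is two objects: the real owner is denied.
    return foo.owner == user

def owner_check_merged(session, foo, user):
    # merge() returns this session's own instance for the user's row.
    return foo.owner is session.merge(user)

def owner_check_by_key(foo, user):
    # Session-independent alternative: compare primary key values.
    return foo.owner_id == user.id

def demo():
    session_a, session_b = Session(), Session()
    try:
        logged_in_user = session_a.get(User, 1)  # authentication middleware
        foo = session_b.get(Foo, 1)              # controller's own session
        return (owner_check_naive(foo, logged_in_user),
                owner_check_merged(session_b, foo, logged_in_user),
                owner_check_by_key(foo, logged_in_user))
    finally:
        session_a.close()
        session_b.close()
```

demo() returns the three check results in order: the naive comparison rejects the legitimate owner, while the merged and key-based checks accept.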