>
> The question is if/how you can address the issue for other users - or at
> least warn them about it.
>
Not sure. There's some discussion on the developer's list. I agree we
should at least have a warning in the book.
Anthony
--
Resources:
- http://web2py.com
- http://web2py.com/book
thanks! for me that's fine and an easy workaround.
The question is if/how you can address the issue for other users - or at
least warn them about it. I think experiencing this problem is not that
unlikely but it goes unnoticed very easily. For a small user base its
irrelevant (from a
>
> My idea would be to add a warning that the session will be detected as
> changed and written to disk etc. (depending on session type) if a dict
> value (like auth.user_groups) of the session is accessed outside a
> controller function
>
Note, the problem occurs when creating new objects
On Tuesday, March 15, 2016 at 6:09:05 PM UTC-4, Alex wrote:
>
> Do you know why there is a difference if the dict is accessed inside or
>> outside a controller function?
>>
>
> I still don't understand why it behaves correctly when accessed inside a
> controller function. I tried setting a new
>
> Do you know why there is a difference if the dict is accessed inside or
> outside a controller function?
>
I still don't understand why it behaves correctly when accessed inside a
controller function. I tried setting a new value in a controller function
(e.g. auth.user.test = '1') and
>
> Are you looking for an alternative way to hash the session? The problem is
> the session currently allows any pickleable object, so we can't pick a
> serialization format that excludes anything pickleable (e.g., JSON would
> not work).
>
so the only alternative would be to use pickle
web2py on this particular matter needs to be pretty dumb exactly because
pretty much anything can be serialized into the session.
Sessions are also not hookable, so you can't even write your own
serializer
any other framework restricts serialization to a plain dict (serialized as
json) OR
On Tuesday, March 15, 2016 at 1:36:19 PM UTC-4, Alex wrote:
>
> Do you know why there is a difference if the dict is accessed inside or
> outside a controller function?
>
> Are there any (fast) alternatives to calculate a dict hash?
>
Are you looking for an alternative way to hash the session?
Do you know why there is a difference if the dict is accessed inside or
outside a controller function?
Are there any (fast) alternatives to calculate a dict hash?
The workaround for me would be to not access auth.user_groups and use
fields in the user table instead (e.g. auth.user.is_admin)
Yes, got it now. Actually, it will happen in a controller as well if you
run that code at the top level rather than inside a function (will also
happen if you run the code in a view). It seems to be a general problem
with saving dictionaries to the session, and it is triggered not only by
If the code (e.g. iterating user_groups) is in a controller everything is
fine and the session file is not written. But just put this code
if auth.user_id:
for role in auth.user_groups.itervalues():
continue
in db.py of the welcome app after auth.define_tables and the session file
Interestingly, the following code does seem to trigger overwrites of the
session file (though not consistently):
temp = BEAUTIFY(session)
Not sure what's going on there.
Anthony
On Monday, March 14, 2016 at 7:42:53 PM UTC-4, Anthony wrote:
>
> I'm on Windows with the same web2py and
I'm on Windows with the same web2py and Python versions.
On Monday, March 14, 2016 at 7:00:16 PM UTC-4, Alex wrote:
>
> I don't think a test app is that simple to create. It needs a db,
> auth_user table, user entry with memberships, login form ... because the
> issue only occurs if you're
I don't think a test app is that simple to create. It needs a db, auth_user
table, user entry with memberships, login form ... because the issue only
occurs if you're logged in.
It is true that the pickled sessions are different after iterating the
user_groups as confirmed by Anthony. Therefor
got that but trust /me and @Anthony, we're pretty accustomed with the code.
I can't replicate and @Anthony seems neither.
I'm on win, 2.7.9, and tested all stable releases from 2.6.1 to latest, and
can't see the session change (i.e. the file being updated) while iterating
user_groups.
Something
On Monday, March 14, 2016 at 10:08:34 PM UTC+1, Anthony wrote:
>
> On Monday, March 14, 2016 at 4:14:42 PM UTC-4, Alex wrote:
>>
>> no, I don't have response.toolbar in my view. The issue should be
>> reproducible with the code snippet above - assuming you are logged in and
>> have a membership
web2py version 2.12.3 (the code for testing if the session has changed is
the same in the current version), Python 2.7.5 and Windows.
--
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
-
Also, which version of web2py and Python, and which platform?
On Monday, March 14, 2016 at 5:08:34 PM UTC-4, Anthony wrote:
>
> On Monday, March 14, 2016 at 4:14:42 PM UTC-4, Alex wrote:
>>
>> no, I don't have response.toolbar in my view. The issue should be
>> reproducible with the code snippet
BTW: can't replicate myself either with your piece of code.
On Monday, March 14, 2016 at 10:08:34 PM UTC+1, Anthony wrote:
>
> On Monday, March 14, 2016 at 4:14:42 PM UTC-4, Alex wrote:
>>
>> no, I don't have response.toolbar in my view. The issue should be
>> reproducible with the code snippet
On Monday, March 14, 2016 at 4:14:42 PM UTC-4, Alex wrote:
>
> no, I don't have response.toolbar in my view. The issue should be
> reproducible with the code snippet above - assuming you are logged in and
> have a membership (i.e. auth.user_groups has at least one item).
>
It's true that you
there's a bit of machinery added to sessions to see if it actually changed
or not. Actually there was an issue (referenced in the commit log as 1524,
which ATM I can't find) which was fixed by the whole shebang of
sorting_pickler in 2.6.0
On Monday, March 14, 2016 at 9:14:42 PM UTC+1, Alex
no, I don't have response.toolbar in my view. The issue should be
reproducible with the code snippet above - assuming you are logged in and
have a membership (i.e. auth.user_groups has at least one item).
--
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
-
Do you happen to have {{=response.toolbar()}} in your view, and if so, does
the problem go away if you remove it?
Anthony
On Sunday, March 13, 2016 at 12:10:32 PM UTC-4, Alex wrote:
>
> I've found out that the session file is always updated
> (Session._try_store_in_file) if I access
I assume calling the iterator changes some internal state in the C
implementation of the dict which is then processed by cPickle. Therefor the
current method to get the hash value from the pickled session and compare
this hash if the session has changed is not optimal.
One possible fix would
it makes a difference if
import cPickle as pickle
or
import pickle
is used. With the latter import the pickled sessions are equal. Only with
cPickle (as used in gluon/globals.py) the pickled sessions are different.
So it seems like I should avoid reading auth.user_groups if I don't want
the
25 matches
Mail list logo
