Re: [web2py] many session files

2016-03-23 Thread Alex
I've blocked all the other applications in the apache config. Just wondering: wouldn't it be better to move the applications from the web2py git repository to somewhere else? I'm using web2py source from git (with specific tag) for my productive system and therefore also have the examples and

Re: [web2py] many session files

2016-03-23 Thread Anthony
On Wednesday, March 23, 2016 at 1:22:27 AM UTC-4, Massimo Di Pierro wrote: > > It is but make sure you do not expose the welcome app. That app exposes > (as an example) the state of the system, which includes your secret key. > The next web2py version (this week, I promise) will prevent that. >

Re: [web2py] many session files

2016-03-22 Thread Massimo Di Pierro
It is, but make sure you do not expose the welcome app. That app exposes (as an example) the state of the system, which includes your secret key. The next web2py version (this week, I promise) will prevent that. On Tuesday, 22 March 2016 18:55:25 UTC-5, Alex wrote: > > yes, I'm talking about

Re: [web2py] many session files

2016-03-22 Thread Alex
Yes, I'm talking about session data in a cookie, as mentioned in the book, with session.connect(request, response, cookie_key='secret'). As mentioned by Anthony there are no known vulnerabilities - unless proven otherwise. So I assume it is safe to use this method. Further, the session data in a
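
The thread above turns on two things: a cookie-stored session is only as trustworthy as the MAC over it, and the whole scheme collapses once the secret key leaks (which is why Massimo warns about the exposed welcome app). The following is an added illustration, not web2py's own code and not the `session.connect` implementation: it builds a minimal HMAC-signed session cookie, shows that a user editing the payload without the key is rejected, and shows that an attacker holding the leaked key can mint a cookie for any user. The key `SERVER_KEY`, the session fields and the `user_id` values are constructed for the example.

```python
import base64
import hashlib
import hmac
import json
from typing import Optional

# Constructed key for the example; in web2py this would be the cookie_key
# passed to session.connect(). Everything below rests on it staying secret.
SERVER_KEY = b"example-secret-key-do-not-reuse"


def _b64e(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def _b64d(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _encode(data: dict) -> str:
    # canonical JSON so the same data always yields the same payload/tag
    return _b64e(json.dumps(data, sort_keys=True, separators=(",", ":")).encode())


def sign_session(data: dict, key: bytes) -> str:
    """Serialize session data and append an HMAC-SHA256 tag: <payload>.<hextag>."""
    payload = _encode(data)
    tag = hmac.new(key, payload.encode("ascii"), hashlib.sha256).hexdigest()
    return payload + "." + tag


def load_session(cookie: str, key: bytes) -> Optional[dict]:
    """Return the session dict if the tag verifies under key, otherwise None."""
    payload, sep, tag = cookie.rpartition(".")
    if not sep:
        return None
    expected = hmac.new(key, payload.encode("ascii"), hashlib.sha256).hexdigest()
    # constant-time compare: a plain == would leak tag bytes via timing
    if not hmac.compare_digest(expected, tag):
        return None
    try:
        return json.loads(_b64d(payload))
    except (ValueError, UnicodeDecodeError):
        return None


def tamper_without_key(cookie: str, new_user_id: int) -> str:
    """A user who can read the cookie edits user_id but cannot recompute the tag."""
    payload, _, tag = cookie.rpartition(".")
    data = json.loads(_b64d(payload))
    data["user_id"] = new_user_id
    return _encode(data) + "." + tag  # old tag no longer matches the new payload


def forge_with_leaked_key(leaked_key: bytes, user_id: int) -> str:
    """An attacker who obtained the key (e.g. from an exposed state page) signs freely."""
    return sign_session({"user_id": user_id, "language": "en"}, leaked_key)


def demo() -> dict:
    """Run the four cases the thread cares about and report which outcome occurred."""
    legit = sign_session({"user_id": 42, "language": "de"}, SERVER_KEY)
    return {
        "legit_ok": load_session(legit, SERVER_KEY) == {"user_id": 42, "language": "de"},
        "tamper_rejected": load_session(tamper_without_key(legit, 1), SERVER_KEY) is None,
        "wrong_key_rejected": load_session(legit, b"some-other-key") is None,
        "forged_with_leaked_key_accepted":
            load_session(forge_with_leaked_key(SERVER_KEY, 1), SERVER_KEY)
            == {"user_id": 1, "language": "en"},
    }


if __name__ == "__main__":
    for case, outcome in demo().items():
        print(f"{case}: {outcome}")
```

Two caveats a practitioner should keep in mind beyond what the thread says. An HMAC gives integrity only: the payload here is merely base64, so anything placed in the session is readable by whoever holds the cookie, and confidentiality needs separate encryption. And a signed cookie carries no server-side state, so a stolen or forged cookie stays valid until the key is rotated (invalidating every user's session) unless the server keeps its own revocation or expiry bookkeeping.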

Re: [web2py] many session files

2016-03-22 Thread Anthony
On Tuesday, March 22, 2016 at 6:50:30 PM UTC-4, Massimo Di Pierro wrote: > > Let's be clear. By default no data is stored in the session cookie. the > session cookie is only a uuid. The data is only stored server side in a > file. Unless you explicitly change this to store sessions data in a

Re: [web2py] many session files

2016-03-22 Thread Massimo Di Pierro
Let's be clear. By default no data is stored in the session cookie. The session cookie is only a uuid. The data is only stored server side in a file, unless you explicitly change this to store session data in a cookie. Is that what you are doing? On Tuesday, 22 March 2016 06:44:06 UTC-5,

Re: [web2py] many session files

2016-03-22 Thread Anthony
On Tuesday, March 22, 2016 at 7:44:06 AM UTC-4, Alex wrote: > > Does anyone have more information about sessions stored in cookies? is it > really completely safe or is it theoretically possible for an attacker to > pretend being logged in as some random user? > > It is known (or easy to find

Re: [web2py] many session files

2016-03-22 Thread Alex
Does anyone have more information about sessions stored in cookies? Is it really completely safe, or is it theoretically possible for an attacker to pretend to be logged in as some random user? It is known (or easy to find out) that an app was made with web2py and the session code is open

Re: [web2py] many session files

2016-03-12 Thread Alex
Usually I don't want to use session.forget because I store things like selected language for all users. The sessions work fine also for users who are not logged in (there is only one session file created for one user) so I can't explain why there are that many files. Anyone knows about the

Re: [web2py] many session files

2016-03-12 Thread Kiran Subbaraman
I guess you have already taken a look at the sessions related documentation here: web2py.com/books/default/chapter/29/13/deployment-recipes * You could use "sessions.forget()", for cases where you do not want a sessions file to be issued. Maybe the scenario where the user is not logged

[web2py] many session files

2016-03-12 Thread Alex
I've found out that we got around 2 million session files, although I'm regularly running sessions2trash.py to clean up old sessions. We got many users and requests, but the number of sessions is still way too high. When a user (who is not logged in) makes a new request a new session file is