Massimo, Thanks for explaining session.secure(), I understand it now. I appreciate all your quick and helpful replies. About finding a bug, well I guess if in the end it goes toward making web2py even better, then it is a good thing. Viva web2py! :-)
On Oct 9, 1:21 am, mdipierro <[EMAIL PROTECTED]> wrote: > You found a bug, I believe this version 1.44 only. The session key (36 > bytes) does not fit in the table field (32). > Fixed in trunk now. I will repost 1.45 soon. > > session.secure() meens that the session cookie will have a flag turned > on and you will browser will (should) not return it until the > transmission goes over https. > This should prevent attackers from stealing your cookies and your > sessions. > > You should have session.secure() if your app requires authentication > of users but if you use session.secure() without https, sessions will > not work. > > Massimo > > On Oct 8, 10:19 pm, morningovermidnight > > <[EMAIL PROTECTED]> wrote: > > Ok, so I'm working on this while I'm posting...hoping that either I > > will figure it out or that someone will reply with the answer, > > whichever happens first.... :-) > > > I am working to store sessions in my database. However, when I add to > > my model: > > > session.connect(request, response, db=db, tablename='session_record') > > > I get an error ticket that reads: > > > value too long for type character varying(32) > > > I haven't defined the session_records table outside of the definition > > above. What's going on? Any ideas? > > > P.S. Also, if you don't mind, would someone explain session.secure()? > > I just place that in the model as well, correct? Just like: > > > session.connect(request, response, db=db, tablename='session_record') > > session.secure() > > > When I have a secure session, what does that mean exactly? Does that > > mean traffic will be over https?? (Sorry for the green questions, but > > this is something at which I'm still new! :-) ) --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "web2py Web Framework" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/web2py?hl=en -~----------~----~----~----~------~----~------~--~---
