It is good you brought this up because other systems store sessions client-side and users may not know. web2py's server side sessions with uuids are safes and faster.
Massimo On Feb 19, 8:07 am, cjparsons <[email protected]> wrote: > Thank you, as ever, Massimo, for your devotion and advice! > > > The lack of client-size expiration which is an > > attribute of the cookie itself, is the reason why they are not > > persistent. This can be easily changed. > > This was my point of my not-understanding about the expiry. > > The use of the HMAC came from my former thinking that "session" was a > cookie, and "session.variable" was a field in the cookie stored on the > client machine. I think I implemented this before the manual was > available and didn't read that the session is stored server-side until > now. (For reference, it's in section 3.3 "Let's count"). --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "web2py Web Framework" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/web2py?hl=en -~----------~----~----~----~------~----~------~--~---
