Yes, the user cannot access the session (if it is stored in the filesystem
or database, obviously the user has no access, and if stored in a cookie,
it is encrypted).
Anthony
On Friday, October 4, 2013 2:44:29 AM UTC-4, D. wrote:
>
> Thank you for the provided solutions - I'll try them out asap. When
> storing the list as a session-variable is it protected from
> user-manipulation as well?
>
> Best regards!
>
> Am Donnerstag, 3. Oktober 2013 22:57:44 UTC+2 schrieb Massimo Di Pierro:
>>
>> You can do but
>>
>> def one():
>> files = []
>> for i in range(10):
>> files.append(i)
>> session.files = files
>> redirect(URL("two"))
>>
>> def two():
>> files = session.files
>> logger.info(True)
>>
>> OR
>>
>> from simplejson import loads, dumps
>>
>> def one():
>> files = []
>> for i in range(10):
>> files.append(i)
>> redirect(URL("two", vars={"files":dumps(files)}, user_signature=True)
>>
>> @auth.requires_signature()
>> def two():
>> files = loads(form.vars.files)
>> logger.info(True)
>>
>> I think the problem is putting a list in vars.
>>
>> On Thursday, 3 October 2013 10:21:19 UTC-5, D. wrote:
>>>
>>> It does not really matter what's in the list:
>>>
>>> Even a simple list like this leads to a 403-error: [0, 1, 2, 3, 4, 5, 6,
>>> 7, 8, 9, 10]
>>>
>>> How would I store and retrieve a long list in a session?
>>>
>>> Thank you so much for your help!
>>>
>>> Am Donnerstag, 3. Oktober 2013 15:22:04 UTC+2 schrieb Massimo Di Pierro:
>>>>
>>>> What's into files? How long are the strings? There are limits to how
>>>> long the query string can be. I thing the files should be saved in a
>>>> session and retrieved by the target page
>>>>
>>>> On Thursday, 3 October 2013 01:52:47 UTC-5, D. wrote:
>>>>>
>>>>> I'm still struggeling with this problem - does anyone have an idea?
>>>>>
>>>>> I narrowed it a bit further down:
>>>>>
>>>>> If the list I'm passing as vars contains 10 items or less
>>>>> @auth.requires_signature() validates correctly and access to the function
>>>>> is granted. However, if the list has 11 or more items I get "Insufficient
>>>>> priviledges".
>>>>>
>>>>> Best regards!
>>>>>
>>>>
--
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
---
You received this message because you are subscribed to the Google Groups
"web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/groups/opt_out.
