No. The session is used for storing the state. The URL is used to identify a resource. In the case of the grid you need the URL to identify the record you want to edit. You need the ID in the URL for that. You cannot use a state variable for that purpose. One could try but one would break all sorts of things. For example you could not be able to open two grids at ones. One would never be sure which record one is editing.
On Saturday, 5 October 2013 06:46:16 UTC-5, Martin Zach wrote: > > Hi, > > the SQLFORM and SQLFORM.grid is very nice, very short code and a quick > working result. > > BUT these grids are showing some internal informations like the id in > > database_examples/manage_transactions/person/product.seller_id/1 > ?_signature=4c5ae928e1c6011a71e52ae341364b5620209908 > > I can use signed URLs to avoid a misuse, but the leaked ids are a > potential risk? > > Is it possible to use a session to pass the variables instead of the GET? > > Thanks for some ideas about this. > > Cheers! > > pd > -- Resources: - http://web2py.com - http://web2py.com/book (Documentation) - http://github.com/web2py/web2py (Source code) - https://code.google.com/p/web2py/issues/list (Report Issues) --- You received this message because you are subscribed to the Google Groups "web2py-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/groups/opt_out.
