yes, I'm talking about session data in a cookie. as mentioned in the book with
session.connect(request, response, cookie_key='secret') As mentioned by Anthony there are no known vulnerabilities - unless proven otherwise. So I assume it is safe to use this method. Further the session data in a cookie is almost 2KB. If I use compression it is around 1,2KB. The total http header size without session data is around 1KB. So the request header size would be 2-3 times larger for every request. I don't know if this really makes a difference but it is something I have to keep in mind. I'm still deciding between session data in cookie and sessions in redis. -- Resources: - http://web2py.com - http://web2py.com/book (Documentation) - http://github.com/web2py/web2py (Source code) - https://code.google.com/p/web2py/issues/list (Report Issues) --- You received this message because you are subscribed to the Google Groups "web2py-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to web2py+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.