It is, but make sure you do not expose the welcome app. That app exposes (as 
an example) the state of the system, which includes your secret key. The 
next web2py version (this week, I promise) will prevent that.


On Tuesday, 22 March 2016 18:55:25 UTC-5, Alex wrote:
>
> Yes, I'm talking about session data in a cookie, as mentioned in the book 
> with
>
> session.connect(request, response, cookie_key='secret')
>
> As mentioned by Anthony there are no known vulnerabilities - unless proven 
> otherwise. So I assume it is safe to use this method.
>
> Further the session data in a cookie is almost 2KB. If I use compression 
> it is around 1,2KB. The total http header size without session data is 
> around 1KB. So the request header size would be 2-3 times larger for every 
> request. I don't know if this really makes a difference but it is something 
> I have to keep in mind. I'm still deciding between session data in cookie 
> and sessions in redis.
>
>
>

-- 
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)