User signature only works if the user is currently logged in and expire if
the user re-logins.
You can use the requires_signature mechanism but you have to sign not with
user signature but with a hmac_key
URL('index', hmac_key=SECRET)
and
def index():
if not URL.verify(hmac_key=SECRET): raise HTTP(400)
On Wednesday, 1 February 2017 04:07:34 UTC-6, Ramos wrote:
>
> I was using only
> @auth.requires_signature() but when i started to send links via email to
> users, they could not access it because the controller was was trying to
> match my signature with the users signature.
> That is wy i changed to urls signed with the destination user id...
> Maybe this is not necessary.
>
> I changed back to only
> @auth.requires_login()
>
> 2017-01-31 18:58 GMT+00:00 Leonel Câmara <[email protected]>:
>
>> Why do you need a signature for something that requires the user to be
>> logged in?
>>
>> --
>> Resources:
>> - http://web2py.com
>> - http://web2py.com/book (Documentation)
>> - http://github.com/web2py/web2py (Source code)
>> - https://code.google.com/p/web2py/issues/list (Report Issues)
>> ---
>> You received this message because you are subscribed to the Google Groups
>> "web2py-users" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to [email protected].
>> For more options, visit https://groups.google.com/d/optout.
>>
>
>
--
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
---
You received this message because you are subscribed to the Google Groups
"web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/d/optout.
