We could continue this conversation here... When you mention "persist the list of flagged users", it mean that there is no such thing as persistence in web2py and that at each request web2py is completely "ignorant" about any given state it may find itself in??
I guess using session as a persistence mean for make this possible would involve security issue as we would using user centric persistence option for storing general information which is sensitive as it provide a list of ID and possibly other information to make this working... We could use encryption and rely over web2py instance picked password to hide this information to a potential attacker? Do we already have any way to encrypt something into the user session or are we doing such thing at all?? At the same time a simple list of user ID which someone can already guess the identifier is not that much sensitive. It may be just not the best place to store such information... Richard On Tue, Jun 6, 2017 at 12:12 PM, abastardi <[email protected]> wrote: > How could we update someone else auth.user_groups?? Could we issue a one > time reinitialization command by setting a flag on/off when use > add_/del_membership?? We can then force a give user to reinit the > auth.user_groups list on his next request... > > That's one approach, but then we need a way to persist the list of flagged > users (preferably that easily scales horizontally), and there would be some > cost on every request (at least every request that needs to check > authorization) to check the list. > > Another option would be to keep a record of active session identifiers for > each user, and whenever a role change occurs, update all of that user's > active sessions (note, this will not work with cookie-based sessions -- > only sessions stored on the server). > > — > You are receiving this because you were mentioned. > Reply to this email directly, view it on GitHub > <https://github.com/web2py/web2py/issues/1638#issuecomment-306537115>, or mute > the thread > <https://github.com/notifications/unsubscribe-auth/ABlWx6Gt8ZtnxuGO79x3KXmuHNK1UC8uks5sBXqJgaJpZM4NviB_> > . > -- Resources: - http://web2py.com - http://web2py.com/book (Documentation) - http://github.com/web2py/web2py (Source code) - https://code.google.com/p/web2py/issues/list (Report Issues) --- You received this message because you are subscribed to the Google Groups "web2py-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
