That's what I thought too... filesystem is slow, database would require a
new auth table or at least a new field (system reserved)...

What about a persistent auth parameter?? We could make it persistent from
request to request in cache as long as cache (RAM) can be used by web2py
internal code??

Richard


On Tue, Jun 6, 2017 at 3:49 PM, Anthony <abasta...@gmail.com> wrote:

>> When you mention "persist the list of flagged users", does it mean that there
>> is no such thing as persistence in web2py and that at each request web2py
>> is completely "ignorant" about any given state it may find itself in??
>>
>
> Well, each request is executed independently, though there are means of
> persisting state, such as the cache, a database, or the file system.
>
>
>> I guess using the session as a persistence means to make this possible would
>> involve a security issue, as we would be using a user-centric persistence option
>> for storing general information which is sensitive, as it provides a list of
>> IDs and possibly other information to make this work...
>>
>
> It's not a security issue, as users are not able to inspect the data in
> their sessions (even cookie-based sessions are encrypted), but it wouldn't
> make sense to store a list that needs to be globally accessible across
> users inside the session of a single user. Sessions are for storing data
> specific to a particular user (actually, a particular session of a
> particular user).
>
>
>>
>> On Tue, Jun 6, 2017 at 12:12 PM, abastardi <notificati...@github.com>
>> wrote:
>>
>>> How could we update someone else's auth.user_groups?? Could we issue a
>>> one-time reinitialization command by setting a flag on/off when we use
>>> add_/del_membership?? We can then force a given user to reinit the
>>> auth.user_groups list on his next request...
>>>
>>> That's one approach, but then we need a way to persist the list of
>>> flagged users (preferably that easily scales horizontally), and there would
>>> be some cost on every request (at least every request that needs to check
>>> authorization) to check the list.
>>>
>>> Another option would be to keep a record of active session identifiers
>>> for each user, and whenever a role change occurs, update all of that user's
>>> active sessions (note, this will not work with cookie-based sessions --
>>> only sessions stored on the server).
>>>
>>> —
>>> You are receiving this because you were mentioned.
>>> Reply to this email directly, view it on GitHub
>>> <https://github.com/web2py/web2py/issues/1638#issuecomment-306537115>
>>>
>>
>> --
> Resources:
> - http://web2py.com
> - http://web2py.com/book (Documentation)
> - http://github.com/web2py/web2py (Source code)
> - https://code.google.com/p/web2py/issues/list (Report Issues)
> ---
> You received this message because you are subscribed to the Google Groups
> "web2py-users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to web2py+unsubscr...@googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.
>
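
The flag-and-reinitialize approach discussed in this thread, as an added example that is not code from the thread or from web2py. It goes one step further than an on/off flag: each membership change writes a fresh random stamp per user, so every active session of that user reloads its groups, and a stamp lost to cache eviction also forces a reload. The dicts stand in for the membership table and a shared cache, and all function names are hypothetical stand-ins, not web2py's API.

```python
import secrets

# Constructed sample data: stand-in for the membership table (user_id -> roles).
MEMBERSHIPS = {7: {"editor"}}
# Stand-in for a cache shared by all requests (user_id -> change stamp).
STAMPS = {}

def add_membership(user_id, role):
    """Grant a role and flag the user so cached groups are reloaded."""
    MEMBERSHIPS.setdefault(user_id, set()).add(role)
    STAMPS[user_id] = secrets.token_hex(8)  # random, so never reused after eviction

def del_membership(user_id, role):
    """Revoke a role and flag the user so cached groups are reloaded."""
    MEMBERSHIPS.get(user_id, set()).discard(role)
    STAMPS[user_id] = secrets.token_hex(8)

def login(user_id):
    """Start a session holding a copy of the user's groups plus the stamp seen."""
    return {
        "user_id": user_id,
        "user_groups": set(MEMBERSHIPS.get(user_id, ())),
        "stamp": STAMPS.get(user_id),
    }

def refresh_groups(session):
    """Run at the start of a request. Returns True if groups were reloaded.

    Any mismatch reloads, including a stamp that vanished from the cache,
    so an evicted entry can never leave a revoked role in place.
    """
    current = STAMPS.get(session["user_id"])
    if session["stamp"] == current:
        return False
    session["user_groups"] = set(MEMBERSHIPS.get(session["user_id"], ()))
    session["stamp"] = current
    return True

def has_membership(session, role):
    """Authorization check that always sees current memberships."""
    refresh_groups(session)
    return role in session["user_groups"]

if __name__ == "__main__":
    first, second = login(7), login(7)      # two active sessions, same user
    del_membership(7, "editor")
    print(has_membership(first, "editor"), has_membership(second, "editor"))
```

The per-request cost is one cache lookup, and the stamp store has to be visible to every process that serves requests for the revocation to reach all sessions.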
