I will add logging. Mind that it has pointed out that impersonate/0 presents a mild security risk. We have already changed the impersonate action in trunk and not you have to submit the user_id via POST to impersonate.
I am still not 100% happy with this but since it is a security issue we are breaking backward compatibility for this action. The change for you will be minimal. Massimo On Dec 8, 1:12 am, Markus Schmitz <[email protected]> wrote: > Hi everybody, > > I am working on a new site, where we also plan to use the > impersonation feature for support purposes, which is very helpful. > The impersonation works perfectly, but it looks like there is no log > in the auth_event table of this happening. > > Is this intended or did I look at the wrong place? > > Also as I can go back to the original user with impersonate/0, where > does web2py store the original user? We could use this to store on > each update and create not only the current user, but also the actual > user (similar to the effective and actual user id in unix systems). > > Regards > > Markus
