On Saturday, April 9, 2011 12:44:06 PM UTC-4, 黄祥 wrote: > > i'm understand right now, thank you very much for your detail > explaination. > what is the different within session.forget(response) and session.forget()? > session.forget() just tells web2py not to bother saving the current session to the session file at the end of the current request. session.forget(response) does the same thing, but also immediately unlocks and closes the session file (rather than at the end of the request). Unlocking the session file can be useful if you've got a long running action -- otherwise, if it remains locked during the entire request, other requests within the same session (e.g., Ajax requests) will be blocked until the long running request is complete.
> 1 more things, it is best practice to save the session in database? > like i read in > http://web2py.com/book/default/chapter/11#Sessions-in-Database > I'm not sure about that one. You're probably OK with the filesystem in most cases. > i've already tested your step to put session.forget(), but i can't using > crud, like i've read on that web2py book url, is there anyways to do this? > Note, in order to protect against CSRF attacks and double form submission, web2py forms (using FORM, SQLFORM, or Crud) store a one-time key in the session (see http://web2py.com/book/default/chapter/07#Hidden-fields). So, for any actions dealing with form submission, you probably should not do session.forget(). Anthony
