thank you so much for your explaination. i'm quite understand right now. best regards,
steve van christie On Sun, Apr 10, 2011 at 1:02 AM, Anthony <[email protected]> wrote: > On Saturday, April 9, 2011 12:44:06 PM UTC-4, 黄祥 wrote: >> >> i'm understand right now, thank you very much for your detail >> explaination. >> what is the different within session.forget(response) >> and session.forget()? >> > > session.forget() just tells web2py not to bother saving the current session > to the session file at the end of the current request. > session.forget(response) does the same thing, but also immediately unlocks > and closes the session file (rather than at the end of the request). > Unlocking the session file can be useful if you've got a long running action > -- otherwise, if it remains locked during the entire request, other requests > within the same session (e.g., Ajax requests) will be blocked until the long > running request is complete. > > >> 1 more things, it is best practice to save the session in database? >> like i read in >> http://web2py.com/book/default/chapter/11#Sessions-in-Database >> > > I'm not sure about that one. You're probably OK with the filesystem in most > cases. > > >> i've already tested your step to put session.forget(), but i can't using >> crud, like i've read on that web2py book url, is there anyways to do this? >> > > Note, in order to protect against CSRF attacks and double form submission, > web2py forms (using FORM, SQLFORM, or Crud) store a one-time key in the > session (see http://web2py.com/book/default/chapter/07#Hidden-fields). So, > for any actions dealing with form submission, you probably should not do > session.forget(). > > Anthony >
