[web2py] Re: Auth over SSL

[pbreit]

Using session.secure() sets the "secure" flag on the session cookie which 
prevents it from ever being sent over a nonsecure channel. This should be 
sufficient to build a Firesheep-proof system.