On Wed, Oct 19, 2011 at 1:13 PM, Harshad <[email protected]> wrote:
> Before we close this thread, I am curious as to why/how this is a security
> risk?
Having a controller which returns nothing:

    def index():
        return dict()

and, for example, in the session:

    session.mysecretvariable = "hello"

If the index controller uses generic views, the generic view will expose the
toolbar, which has [session, response, request] links, and your users will be
able to see all your session variables, including "mysecretvariable".
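To make the exposure concrete, here is an added example (not code from the thread or from web2py itself) that models the view-selection step described above: a specific view file wins; if none exists and a generic pattern matches, the generic view is served and its toolbar dumps the session; otherwise the request fails with an invalid-view error. The weak setting is `response.generic_patterns = ['*']` for every request; the setting to keep is the scaffolding's `['*'] if request.is_local else []`. Matching patterns against "function.extension" with fnmatch is an assumption of this model, as are the Request and Session stand-ins; the constructed session holds one secret so the leak is visible in the result.

```python
import fnmatch
from dataclasses import dataclass, field


@dataclass
class Request:
    """Stand-in for web2py's request object (assumption: only these fields matter)."""
    function: str
    extension: str = "html"
    is_local: bool = False  # True only for requests from the local machine


@dataclass
class Session:
    """Stand-in for web2py's session; constructed sample data, not real secrets."""
    data: dict = field(default_factory=dict)


def render(request, session, specific_views, generic_patterns):
    """Model of view selection for an action that returns a dict.

    1. A specific view file (e.g. default/index.html) is used if it exists.
    2. Otherwise a generic view is used only if a generic pattern matches;
       the generic view renders the toolbar, which exposes the whole session.
    3. Otherwise the request fails ("invalid view") and nothing leaks.
    """
    view_name = "%s.%s" % (request.function, request.extension)
    if view_name in specific_views:
        return {"view": view_name, "toolbar": False, "leaked": {}}
    # Assumption: patterns are globbed against "function.extension".
    if any(fnmatch.fnmatch(view_name, p) for p in generic_patterns):
        return {"view": "generic.%s" % request.extension, "toolbar": True,
                "leaked": dict(session.data)}
    return {"view": None, "toolbar": False, "leaked": {}, "error": "invalid view"}


def weak_generic_patterns(request):
    # Generic views enabled for everyone: any action without its own view
    # falls back to generic.html, toolbar included.
    return ["*"]


def safe_generic_patterns(request):
    # The scaffolding default: generic views only while developing locally.
    return ["*"] if request.is_local else []


def demo():
    session = Session({"mysecretvariable": "hello"})  # constructed sample
    remote = Request("index", is_local=False)
    local = Request("index", is_local=True)
    views = set()  # no default/index.html has been written yet
    return {
        "weak_remote": render(remote, session, views, weak_generic_patterns(remote)),
        "safe_remote": render(remote, session, views, safe_generic_patterns(remote)),
        "safe_local": render(local, session, views, safe_generic_patterns(local)),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

The remote visitor under the weak setting gets the generic view and with it every session key; under the local-only setting the same request gets an invalid-view error while the developer on localhost still gets the toolbar. Writing a real view for each action, or setting `response.generic_patterns = []` in production, closes the same hole; if a reverse proxy on the same host fronts the application, check that `request.is_local` is not true for everyone.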