I want to have a working demo of my app for anybody that comes to the site. If they decide to stay I save their data, otherwise I delete it with a cron job. I understand the signature is supposed to prevent hijacking of the session. I don't want the data to be compromised, even for a anonymous guest. If I misunderstood anything, please correct me.
Sent from my phone On 15 בדצמ 2011, at 15:25, Cliff <[email protected]> wrote: import string import random mykey = ''.join( random.choice(string.ascii_lowercase+string.digits)\ for x in range(32) ) session.auth.hmac_key = mykey Read up on hmac_key in the online book. Unfortunately I do not recall the chapter. Also I use this code in a redirect, like so: redirect(URL('index', args=['edit', 'some_object', form[1].vars.id], hmac_key=mykey)) How you would append the hmac_key to the edit link generated by grid is an interesting question. I guess you could set editable=False in the call to smartgrid, then create your own edit link. If you set the class for your custom link same as the style of the grid's link it should look the same. Why not just turn off user_signature for anon users? You can check for login with: if session.auth and session.auth.user: On Dec 15, 5:21 am, tsvim <[email protected]> wrote: Ok, after reading up on user_signature, I don't really like to turn it off. If I do turn it off, I'd like at least something that will allow the same for anonymous users. Is there anyway I can generate a user_signature for some anonymous user? Thanks, Tsvi
