Thanks, thats partially works. But I have another one question. If I run my script under nginx with ssl, I got this header: Set-Cookie: adm_sess=14084f99593a676fc46fb108616d9ce7106d4721; Path=//
If I run script just in command line and with no ssl enabled, header appears like this: Set-Cookie: adm_sess=15fa6b11422d360fe616dcb14704f26ea4ffeb49; Path=/ Why `Path` option changes between two runs? On Oct 6, 1:50 am, Justin Davis <[email protected]> wrote: > The default session sets httponly cookies as a security precaution to > make it harder for cross site scripting to get access to your session > cookie. You can disable it if you need access to the session cookie by > specifying the following config parameter: > > web.config.session_parameters.httponly = False > > -Justin > > On Oct 4, 8:17 am, bm <[email protected]> wrote: > > > > > > > > > Hi. > > > I have trouble with sessions worked over an https connection. > > > The code is: > > > initializer = {'logged_in': False} > > web.config.session_parameters['cookie_name'] = 'adm_sess' > > web.config.session_parameters['cookie_domain'] = None > > web.config.session_parameters['timeout'] = 86400*30 > > web.config.session_parameters['ignore_expiry'] = False > > web.config.session_parameters['ignore_change_ip'] = True > > web.config.session_parameters['secret_key'] = '****************' > > web.config.session_parameters['expired_message'] = 'Session expired' > > session = web.session.Session(app, web.session.DiskStore('/tmp/ > > adm_sessions'), initializer=initializer) > > > And here is what I'm get in headers: > > > HTTP/1.1 200 OK > > Content-Type: text/html; charset=utf-8 > > Set-Cookie: adm_sess=10999fd5fc3e7c5be9a8e0c162eaa440f6d79742; Path=/; > > httponly > > Connection: close > > Date: Tue, 04 Oct 2011 15:16:02 GMT > > Server: localhost > > Transfer-Encoding: Identity > > > Why it sends me an `httponly` parameter? What should i do to make it > > work? > > > Thanks! -- You received this message because you are subscribed to the Google Groups "web.py" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/webpy?hl=en.
