You can solve this problem by prepending a session id to all URLs, for example like this:
http://myproject.com/akdf73qztu/login
http://myproject.com/akdf73qztu/profile

And from then on only use relative URLs.

On 04.06.2012 17:10, Shannon Cruey wrote:
> Also, as being discussed on another thread, cookies are scoped to the browser,
> not specific tabs/windows. So, if you're using session for user state, there
> will be issues if you try to use your app as two different users in two
> different browser tabs.
>
> On Mon, Jun 4, 2012 at 10:39 AM, Dragan Espenschied <[email protected]> wrote:
>
> > The implementation of sessions via cookies in webpy is just as "secure" as many
> > other implementations: A cookie is set with a randomly generated id that points
> > to a source containing a dictionary. If you use database storage for the
> > sessions or do not use the file storage within a publicly accessible directory,
> > that is "secure enough" for most cases. All other security measures one could
> > take (to prevent "session riding") are design decisions that affect the usage of
> > your web site.
> >
> > So I don't think there are any problems with session security.
> >
> > On 04.06.2012 15:59, Lucas Kauffman wrote:
> > > I read on the webpy website that cookies aren't considered secure to use at the
> > > moment. However webpy keeps track of sessions with cookies, does this mean
> > > webpy's sessions aren't secure?
> > >
> > > Kind regards,
> > > Lucas Kauffman
> > >
> > > --
> > > You received this message because you are subscribed to the Google Groups
> > > "web.py" group.
> > > To post to this group, send email to [email protected].
> > > To unsubscribe from this group, send email to [email protected].
> > > For more options, visit this group at
> > > http://groups.google.com/group/webpy?hl=en.
> >
> > --
> > http://noobz.cc/
> > http://digitalfolklore.org/
> > http://contemporary-home-computing.org/1tb/

--
http://noobz.cc/
http://digitalfolklore.org/
http://contemporary-home-computing.org/1tb/
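
The URL-prefix scheme suggested at the top of this message, sketched as WSGI middleware in an added example (not code from the thread or from web.py). `UrlSessionMiddleware`, `new_session`, `demo_app`, `request` and the in-memory `SESSIONS` store are hypothetical names, and the `/login` redirect target is assumed from the example URLs.

```python
import secrets

# Server-side store: session id -> dict. In-memory stand-in (assumption) for
# the database or non-public directory recommended in the thread.
# Caveat: ids in URLs show up in logs, history and Referer headers.
SESSIONS = {}

def new_session():
    """Issue an unguessable id; only ids created here are ever accepted."""
    sid = secrets.token_urlsafe(16)
    SESSIONS[sid] = {}
    return sid

class UrlSessionMiddleware:
    """Treat the first path segment as the session id (hypothetical helper)."""
    def __init__(self, app):
        self.app = app

    def __call__(self, environ, start_response):
        path = environ.get("PATH_INFO", "/")
        sid, _, rest = path.lstrip("/").partition("/")
        if sid not in SESSIONS:
            # Unknown or missing id: never adopt a client-chosen value
            # (session fixation); issue a fresh one and redirect into it.
            sid = new_session()
            start_response("302 Found", [("Location", "/%s/login" % sid)])
            return [b""]
        # Move the id from PATH_INFO to SCRIPT_NAME so the app routes on
        # /login, /profile and its relative links keep the prefix.
        environ["SCRIPT_NAME"] = environ.get("SCRIPT_NAME", "") + "/" + sid
        environ["PATH_INFO"] = "/" + rest
        environ["app.session"] = SESSIONS[sid]
        return self.app(environ, start_response)

def demo_app(environ, start_response):
    """Counts hits per session and reports the path it was routed on."""
    session = environ["app.session"]
    session["hits"] = session.get("hits", 0) + 1
    body = "%s hits=%d" % (environ["PATH_INFO"], session["hits"])
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [body.encode()]

def request(app, path):
    """Drive the WSGI app in-process; returns (status, headers, body)."""
    seen = {}
    def start_response(status, headers):
        seen["status"], seen["headers"] = status, dict(headers)
    body = b"".join(app({"PATH_INFO": path, "SCRIPT_NAME": ""}, start_response))
    return seen["status"], seen["headers"], body.decode()
```

Each tab that starts without a valid prefix is redirected into its own session, which is what lets two tabs in one browser hold different user state.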
