I seem to have misread; apparently it's the cookiehandler that's insecure. What is insecure about this handler and what is the handler normally used for?

2012/6/4 Dragan Espenschied <[email protected]>

> You can solve this problem by prepending a session id to all URLs, for example
> like this:
>
> http://myproject.com/akdf73qztu/login
> http://myproject.com/akdf73qztu/profile
>
> And from then on only use relative URLs.
>
> On 04.06.2012 17:10, Shannon Cruey wrote:
> > Also, as being discussed on another thread, cookies are scoped to the browser,
> > not specific tabs/windows. So, if you're using session for user state, there
> > will be issues if you try to use your app as two different users in two
> > different browser tabs.
> >
> > On Mon, Jun 4, 2012 at 10:39 AM, Dragan Espenschied <[email protected]> wrote:
> >
> > The implementation of sessions via cookies in webpy is just as "secure" as many
> > other implementations: A cookie is set with a randomly generated id that points
> > to a source containing a dictionary. If you use database storage for the
> > sessions or do not use the file storage within a publicly accessible directory,
> > that is "secure enough" for most cases. All other security measures one could
> > take (to prevent "session riding") are design decisions that affect the usage of
> > your web site.
> >
> > So I don't think there are any problems with session security.
> >
> > On 04.06.2012 15:59, Lucas Kauffman wrote:
> > > I read on the webpy website that cookies aren't considered secure to use at the
> > > moment. However webpy keeps track of sessions with cookies, does this mean
> > > webpy's sessions aren't secure?
> > >
> > > Kind regards,
> > > Lucas Kauffman
> > >
> > > --
> > > You received this message because you are subscribed to the Google Groups
> > > "web.py" group.
> > > To post to this group, send email to [email protected].
> > > To unsubscribe from this group, send email to [email protected].
> > > For more options, visit this group at http://groups.google.com/group/webpy?hl=en.
> >
> > --
> > http://noobz.cc/
> > http://digitalfolklore.org/
> > http://contemporary-home-computing.org/1tb/
>
> --
> http://noobz.cc/
> http://digitalfolklore.org/
> http://contemporary-home-computing.org/1tb/
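
The mechanism described in the thread (a cookie holding only a randomly generated id that points to a server-side dictionary), sketched with the Python standard library as an added example. It is not web.py's session code, and the names `SessionStore`, `COOKIE_NAME` and `TIMEOUT` are assumptions made for illustration.

```python
import secrets
import time
from http.cookies import SimpleCookie

COOKIE_NAME = "session_id"   # assumed name, not taken from web.py
TIMEOUT = 3600               # assumed idle timeout in seconds


class SessionStore:
    """Server-side store: the browser only ever holds the random id."""

    def __init__(self):
        self._data = {}      # id -> (last_seen, dict); stands in for a DB table

    def create(self, now=None):
        sid = secrets.token_urlsafe(32)   # 256 bits from the OS CSPRNG
        self._data[sid] = (now if now is not None else time.time(), {})
        return sid

    def load(self, sid, now=None):
        """Return the session dict, or None for unknown or expired ids."""
        now = time.time() if now is None else now
        entry = self._data.get(sid)
        if entry is None:
            return None                   # never adopt a client-chosen id
        last_seen, values = entry
        if now - last_seen > TIMEOUT:
            del self._data[sid]           # expired: drop it server-side
            return None
        self._data[sid] = (now, values)   # refresh the idle timer
        return values


def set_cookie_header(sid):
    """Build the Set-Cookie value carrying only the id."""
    cookie = SimpleCookie()
    cookie[COOKIE_NAME] = sid
    cookie[COOKIE_NAME]["path"] = "/"
    cookie[COOKIE_NAME]["httponly"] = True   # not readable from page scripts
    cookie[COOKIE_NAME]["secure"] = True     # sent over HTTPS only
    return cookie[COOKIE_NAME].OutputString()


def sid_from_cookie_header(header):
    """Extract the id from a request's Cookie header, or None."""
    cookie = SimpleCookie()
    cookie.load(header)
    return cookie[COOKIE_NAME].value if COOKIE_NAME in cookie else None
```

Because the cookie is shared by every tab of one browser, all tabs resolve to the same dictionary, which is the two-users-in-two-tabs limitation raised in the thread.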
