Hi Claudio, killing the session will not save you from checking the logged_in value, because webpy sends a session cookie with every request.
If your user has logged out and you kill the session, they will get a new session generated even on the "you successfully logged out" page. Maybe there is a way of controlling webpy's session cookie more fine-grained, on a per-request basis? Would be interesting to hear some expert opinion. Bests, Dragan Am 17.07.2013 17:10, schrieb Claudio Dusan Vega Ozuljevich: > Hi guys! > > I got a session.logged_in=True, but when I log out I think the safer > way to do it is not session.logged_in=False, instead killing the > session would a better idea, right? So the Session ID changes every > time there is a log in. > > am I right? or do you have any better ideas? > -- http://1x-upon.com/~despens/ >NEW!< http://noobz.cc/ http://contemporary-home-computing.org/1tb/ -- You received this message because you are subscribed to the Google Groups "web.py" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at http://groups.google.com/group/webpy. For more options, visit https://groups.google.com/groups/opt_out.
