yes that is a good thing. The bug was introduce in 1.44 released Monday and fixed Wednesday so hopefully every few people were affected. Thanks again for reporting this.
Massimo On Oct 9, 11:05 am, morningovermidnight <[EMAIL PROTECTED]> wrote: > Massimo, > > Thanks for explaining session.secure(), I understand it now. I > appreciate all your quick and helpful replies. About finding a bug, > well I guess if in the end it goes toward making web2py even better, > then it is a good thing. Viva web2py! :-) > > On Oct 9, 1:21 am, mdipierro <[EMAIL PROTECTED]> wrote: > > > You found a bug, I believe this version 1.44 only. The session key (36 > > bytes) does not fit in the table field (32). > > Fixed in trunk now. I will repost 1.45 soon. > > > session.secure() meens that the session cookie will have a flag turned > > on and you will browser will (should) not return it until the > > transmission goes over https. > > This should prevent attackers from stealing your cookies and your > > sessions. > > > You should have session.secure() if your app requires authentication > > of users but if you use session.secure() without https, sessions will > > not work. > > > Massimo > > > On Oct 8, 10:19 pm, morningovermidnight > > > <[EMAIL PROTECTED]> wrote: > > > Ok, so I'm working on this while I'm posting...hoping that either I > > > will figure it out or that someone will reply with the answer, > > > whichever happens first.... :-) > > > > I am working to store sessions in my database. However, when I add to > > > my model: > > > > session.connect(request, response, db=db, tablename='session_record') > > > > I get an error ticket that reads: > > > > value too long for type character varying(32) > > > > I haven't defined the session_records table outside of the definition > > > above. What's going on? Any ideas? > > > > P.S. Also, if you don't mind, would someone explain session.secure()? > > > I just place that in the model as well, correct? Just like: > > > > session.connect(request, response, db=db, tablename='session_record') > > > session.secure() > > > > When I have a secure session, what does that mean exactly? Does that > > > mean traffic will be over https?? (Sorry for the green questions, but > > > this is something at which I'm still new! :-) ) --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "web2py Web Framework" group. To post to this group, send email to web2py@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/web2py?hl=en -~----------~----~----~----~------~----~------~--~---
