On Tuesday, October 16, 2012 11:33:38 AM UTC-5, Niphlod wrote:
>
> Did you even try it (or read the post) before starting to bash around 
> :-P ??? 
> Those cookies contain crypted (and signed) data. No user can "read" the 
> contents.
>
>
It's not meant to be bashing web2py. Massimo said this implementation is 
like Flask. As such, they are cryptographically signed, but not encrypted. 
If that is the case, they might be read but not modified.

> On Tuesday, October 16, 2012 5:59:20 PM UTC+2, VP wrote:
>>
>> I think cookie-based sessions are great for many cases. But in some 
>> cases, it might not be desirable as clients can see what might be secret 
>> information.
>>
>> Why not both? Maybe, two types of sessions, client-side and 
>> server-side sessions. Although both client and server side sessions are 
>> meant to maintain states, they are appropriate for different things.
>>
>

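The distinction argued over in this thread, as an added example that is not part of the original posts and is neither web2py's nor Flask's actual cookie format: a cookie that is only HMAC-signed decodes for anyone who holds it, while an edited copy fails verification on the server. The key, the session fields and the `payload.tag` layout are assumptions constructed for the illustration.

```python
import base64
import hashlib
import hmac
import json

# Assumption: constructed demo key; a real key never leaves the server.
SERVER_KEY = b"constructed-demo-key"

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode().rstrip("=")

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign_session(session: dict, key: bytes = SERVER_KEY) -> str:
    """Server side: serialize, then append an HMAC-SHA256 tag (no encryption)."""
    payload = _b64(json.dumps(session, sort_keys=True).encode())
    tag = hmac.new(key, payload.encode(), hashlib.sha256).digest()
    return payload + "." + _b64(tag)

def client_peek(cookie: str) -> dict:
    """Client side: the payload decodes without any key."""
    return json.loads(_unb64(cookie.split(".", 1)[0]))

def server_load(cookie: str, key: bytes = SERVER_KEY):
    """Server side: return the session only if the tag verifies, else None."""
    try:
        payload, tag = cookie.split(".", 1)
        expected = hmac.new(key, payload.encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(_unb64(tag), expected):
            return None
        return json.loads(_unb64(payload))
    except ValueError:  # missing separator, bad base64 or bad JSON
        return None

def edit_without_key(cookie: str, **changes) -> str:
    """Re-encode a changed payload but keep the old tag (no key available)."""
    session = client_peek(cookie)
    session.update(changes)
    payload = _b64(json.dumps(session, sort_keys=True).encode())
    return payload + "." + cookie.split(".", 1)[1]

if __name__ == "__main__":
    cookie = sign_session({"user_id": 7, "note": "constructed sample"})
    print("readable by client:", client_peek(cookie))
    print("edited copy accepted:", server_load(edit_without_key(cookie, user_id=1)))
```

Signing alone gives integrity, not confidentiality, so anything the client must not see has to be encrypted as well or kept in a server-side session.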