One thing to be aware of when storing sessions in the db rather than the filesystem is that the session is not locked during a request, so if the same user makes multiple requests that affect the session at the same time (e.g., multiple browser windows open or several Ajax requests from the same page), you could get a race condition. Probably not an issue in most cases, but something to be aware of.
Anthony On Friday, March 9, 2012 7:12:40 PM UTC-5, rochacbruno wrote: > > IMHO. CAS is very complicated do deal with.. It is too much easy to use > the same session-db for users. CAS would be a good idea when the > applications are of different technologies. I implemented a web2py app > which serves a CAS to web2py <--> C#/asp application using CAS protocol. > > But to use onky within web2py apps it is very better to simply share the > sessions and data. > > On Fri, Mar 9, 2012 at 8:54 PM, Anthony <abasta...@gmail.com> wrote: > >> On Friday, March 9, 2012 6:43:33 PM UTC-5, pbreit wrote: >>> >>> Might not be a bad idea to have some code available that does sort of a >>> "single-signon" between apps. I doubt I'll get around to it but we'll see. >> >> >> The built-in CAS mechanism does that, no? >> >> >> http://web2py.com/books/default/chapter/29/9#Central-Authentication-Service >> >> > > > > -- > > Bruno Rocha > [http://rochacbruno.com.br] > >
