Hi, I'm using .23 until .3 is released. Is there a standard way of handing logged in users without sessions?
At the moment, I'm using cookies. Upon a successful login, two cookies are sent to the user. One is basically a boolean identifying the user as logged in. The other is a random md5 hash. This hash is also stored in the user's record in the database. Each time a sensitive piece of user data is displayed (or db data is updated) this cookie's value is compared the the hash in the user's db record to authenticate the user. Is this a "secure" and proficient workaround? Am I overlooking anything? Thanks, Nick --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "web.py" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/webpy?hl=en -~----------~----~----~----~------~----~------~--~---
