The implementation of sessions via cookies in webpy is just as "secure" as many other implementations: A cookie is set with a randomly generated id that points to a source containing a dictionary. If you use database storage for the sessions or do not use the file storage within a publicly accessible directory, that is "secure enough" for most cases. All other security measures one could take (to prevent "session riding") are design decisions that affect the usage of your web site.
So I don't think there are any problems with session security. Am 04.06.2012 15:59, schrieb Lucas Kauffman: > I read on the webpy website that cookies aren't considered secure to use at > the > moment. However webpy keeps track of sessions with cookies, does this mean > webpy's sessions aren't secure? > > Kind regards, > Lucas Kauffman > > -- > You received this message because you are subscribed to the Google Groups > "web.py" group. > To post to this group, send email to webpy@googlegroups.com. > To unsubscribe from this group, send email to > webpy+unsubscr...@googlegroups.com. > For more options, visit this group at > http://groups.google.com/group/webpy?hl=en. -- http://noobz.cc/ http://digitalfolklore.org/ http://contemporary-home-computing.org/1tb/ -- You received this message because you are subscribed to the Google Groups "web.py" group. To post to this group, send email to webpy@googlegroups.com. To unsubscribe from this group, send email to webpy+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/webpy?hl=en.
