Also, as being discussed on another thread, cookies are scoped to the browser, not specific tabs/windows. So, if you're using session for user state, there will be issues if you try to use your app as two different users in two different browser tabs.
On Mon, Jun 4, 2012 at 10:39 AM, Dragan Espenschied <d...@a-blast.org> wrote: > The implementation of sessions via cookies in webpy is just as "secure" as > many > other implementations: A cookie is set with a randomly generated id that > points > to a source containing a dictionary. If you use database storage for the > sessions or do not use the file storage within a publicly accessible > directory, > that is "secure enough" for most cases. All other security measures one > could > take (to prevent "session riding") are design decisions that affect the > usage of > your web site. > > So I don't think there are any problems with session security. > > Am 04.06.2012 15:59, schrieb Lucas Kauffman: > > I read on the webpy website that cookies aren't considered secure to use > at the > > moment. However webpy keeps track of sessions with cookies, does this > mean > > webpy's sessions aren't secure? > > > > Kind regards, > > Lucas Kauffman > > > > -- > > You received this message because you are subscribed to the Google Groups > > "web.py" group. > > To post to this group, send email to webpy@googlegroups.com. > > To unsubscribe from this group, send email to > webpy+unsubscr...@googlegroups.com. > > For more options, visit this group at > http://groups.google.com/group/webpy?hl=en. > > -- > http://noobz.cc/ > http://digitalfolklore.org/ > http://contemporary-home-computing.org/1tb/ > > -- > You received this message because you are subscribed to the Google Groups > "web.py" group. > To post to this group, send email to webpy@googlegroups.com. > To unsubscribe from this group, send email to > webpy+unsubscr...@googlegroups.com. > For more options, visit this group at > http://groups.google.com/group/webpy?hl=en. > > -- You received this message because you are subscribed to the Google Groups "web.py" group. To post to this group, send email to webpy@googlegroups.com. To unsubscribe from this group, send email to webpy+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/webpy?hl=en.
