You can solve this problem by prepending a session id to all URLs, for example
like this:

http://myproject.com/akdf73qztu/login
http://myproject.com/akdf73qztu/profile

And from then on only use relative URLs.

On 04.06.2012 17:10, Shannon Cruey wrote:
> Also, as being discussed on another thread, cookies are scoped to the browser,
> not specific tabs/windows.  So, if you're using session for user state, there
> will be issues if you try to use your app as two different users in two
> different browser tabs.
> 
> On Mon, Jun 4, 2012 at 10:39 AM, Dragan Espenschied <d...@a-blast.org> wrote:
> 
>     The implementation of sessions via cookies in webpy is just as "secure"
>     as many other implementations: A cookie is set with a randomly generated
>     id that points to a source containing a dictionary. If you use database
>     storage for the sessions or do not use the file storage within a publicly
>     accessible directory, that is "secure enough" for most cases. All other
>     security measures one could take (to prevent "session riding") are design
>     decisions that affect the usage of your web site.
> 
>     So I don't think there are any problems with session security.
> 
>     On 04.06.2012 15:59, Lucas Kauffman wrote:
>     > I read on the webpy website that cookies aren't considered secure to
>     > use at the moment. However webpy keeps track of sessions with cookies,
>     > does this mean webpy's sessions aren't secure?
>     >
>     > Kind regards,
>     > Lucas Kauffman
>     >
>     > --
>     > You received this message because you are subscribed to the Google
>     > Groups "web.py" group.
>     > To post to this group, send email to webpy@googlegroups.com.
>     > To unsubscribe from this group, send email to
>     > webpy+unsubscr...@googlegroups.com.
>     > For more options, visit this group at
>     > http://groups.google.com/group/webpy?hl=en.
> 
>     --
>     http://noobz.cc/
>     http://digitalfolklore.org/
>     http://contemporary-home-computing.org/1tb/
> 

-- 
http://noobz.cc/
http://digitalfolklore.org/
http://contemporary-home-computing.org/1tb/
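
The URL-prefix scheme described at the top of this message, as an added example that is not part of the original thread and is not web.py code. It assumes a 128-bit hex id format and an in-memory dictionary standing in for the server-side session store; `route` and `link` are hypothetical helper names. It shows that ids the server never issued are replaced rather than adopted, and why only relative links keep a tab inside its own session.

```python
import re
import secrets
from urllib.parse import urljoin

# session id -> state dictionary; in-memory stand-in for a server-side store
SESSIONS = {}
# Assumed id format for this example: 32 hex characters as the first path segment
SID_RE = re.compile(r"^/([0-9a-f]{32})(/.*)?$")


def new_session():
    """Create a session under an unguessable, server-generated id."""
    sid = secrets.token_hex(16)
    SESSIONS[sid] = {}
    return sid


def route(path):
    """Map a request path to (sid, inner_path, redirect_needed)."""
    m = SID_RE.match(path)
    if m and m.group(1) in SESSIONS:
        return m.group(1), m.group(2) or "/", False
    # No prefix, or an id-shaped prefix this server never issued: do not adopt
    # the client-supplied value, issue a fresh id and redirect to it instead.
    inner = (m.group(2) or "/") if m else path
    return new_session(), inner, True


def link(sid, inner_path, href):
    """Resolve href the way a browser would on a page served under /<sid>/."""
    base = "http://myproject.com/%s%s" % (sid, inner_path)
    return urljoin(base, href)


if __name__ == "__main__":
    # Two tabs, each redirected to its own prefix on the first request.
    tab_a, _, _ = route("/login")
    tab_b, _, _ = route("/login")
    SESSIONS[tab_a]["user"] = "alice"
    SESSIONS[tab_b]["user"] = "bob"
    print(link(tab_a, "/login", "profile"))   # relative: stays under tab_a's prefix
    print(link(tab_a, "/login", "/profile"))  # root-relative: prefix is lost
```

Because the id travels in the URL, it also appears in server access logs, browser history and `Referer` headers, so those need the same handling as any other credential.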
