I seem to have misread; apparently it's the cookiehandler that's insecure.
What is insecure about this handler, and what is the handler normally used
for?

2012/6/4 Dragan Espenschied <d...@a-blast.org>

> You can solve this problem by prepending a session id to all URLs, for example
> like this:
>
> http://myproject.com/akdf73qztu/login
> http://myproject.com/akdf73qztu/profile
>
> And from then on only use relative URLs.
>
> On 04.06.2012 17:10, Shannon Cruey wrote:
> > Also, as being discussed on another thread, cookies are scoped to the browser,
> > not specific tabs/windows.  So, if you're using session for user state, there
> > will be issues if you try to use your app as two different users in two
> > different browser tabs.
> >
> > On Mon, Jun 4, 2012 at 10:39 AM, Dragan Espenschied <d...@a-blast.org
> > <mailto:d...@a-blast.org>> wrote:
> >
> >     The implementation of sessions via cookies in webpy is just as "secure" as many
> >     other implementations: A cookie is set with a randomly generated id that points
> >     to a source containing a dictionary. If you use database storage for the
> >     sessions or do not use the file storage within a publicly accessible directory,
> >     that is "secure enough" for most cases. All other security measures one could
> >     take (to prevent "session riding") are design decisions that affect the usage of
> >     your web site.
> >
> >     So I don't think there are any problems with session security.
> >
> >     On 04.06.2012 15:59, Lucas Kauffman wrote:
> >     > I read on the webpy website that cookies aren't considered secure to use at the
> >     > moment. However, webpy keeps track of sessions with cookies; does this mean
> >     > webpy's sessions aren't secure?
> >     >
> >     > Kind regards,
> >     > Lucas Kauffman
> >     >
> >     > --
> >     > You received this message because you are subscribed to the Google Groups
> >     > "web.py" group.
> >     > To post to this group, send email to webpy@googlegroups.com
> >     <mailto:webpy@googlegroups.com>.
> >     > To unsubscribe from this group, send email to
> >     webpy+unsubscr...@googlegroups.com
> >     <mailto:webpy%2bunsubscr...@googlegroups.com>.
> >     > For more options, visit this group at
> >     http://groups.google.com/group/webpy?hl=en.
> >
> >     --
> >     http://noobz.cc/
> >     http://digitalfolklore.org/
> >     http://contemporary-home-computing.org/1tb/
>
> --
> http://noobz.cc/
> http://digitalfolklore.org/
> http://contemporary-home-computing.org/1tb/


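The mechanism described in the thread (a randomly generated id in the cookie that points to a server-side dictionary) and the effect of one browser cookie jar being shared by all tabs, as an added sketch that is not part of the original messages and is not web.py's own code. `SessionStore`, `COOKIE_NAME`, the `HttpOnly` flag and the user names are assumptions made for illustration.

```python
import secrets
from http.cookies import SimpleCookie

COOKIE_NAME = "session_id"  # assumed cookie name for this sketch


class SessionStore:
    """Server-side store: opaque random id -> dictionary of session data."""

    def __init__(self):
        self._data = {}

    def create(self):
        sid = secrets.token_urlsafe(32)  # 32 random bytes from the OS CSPRNG
        self._data[sid] = {}
        return sid

    def load(self, cookie_header):
        """Return the session dict named by a Cookie header, or None."""
        jar = SimpleCookie()
        jar.load(cookie_header or "")
        morsel = jar.get(COOKIE_NAME)
        # An id the server never issued maps to nothing: the client cannot
        # invent session contents, it can only present an id.
        return self._data.get(morsel.value) if morsel else None


def set_cookie_header(sid):
    """Build the Set-Cookie value; only the id is sent to the client."""
    cookie = SimpleCookie()
    cookie[COOKIE_NAME] = sid
    cookie[COOKIE_NAME]["path"] = "/"
    cookie[COOKIE_NAME]["httponly"] = True  # keep the id away from page scripts
    return cookie[COOKIE_NAME].OutputString()


def two_tabs_demo():
    """Two tabs of one browser send the same cookie, so they share a session."""
    store = SessionStore()
    sid = store.create()
    browser_cookie = f"{COOKIE_NAME}={sid}"  # one jar per browser, not per tab
    store.load(browser_cookie)["user"] = "alice"  # tab 1 logs in
    store.load(browser_cookie)["user"] = "bob"    # tab 2 logs in as someone else
    return store.load(browser_cookie)["user"]     # tab 1's next request


if __name__ == "__main__":
    print(set_cookie_header(SessionStore().create()))
    print("tab 1 is now seen as:", two_tabs_demo())
```
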