Roger Haase wrote:

> ...and these from line 58:
> 
>                               # Check if they can successfully log in.  The loginid must match
>                               # what was previously sent.
>                               if request.field('loginid', 'nologin')==loginid and self.loginUser(username, password):
>                                       # Successful login.
>                                       # Clear out the login parameters
>                                       request.delField('username')
>                                       request.delField('password')
>                                       request.delField('login')
>                                       request.delField('loginid')
> 
> I have never understood where session.value('loginid') is being set,
> why it is being deleted if it exists, why the incoming id must match
> the old value, and what is the benefit of doing request.delField(...).

loginid is set in login.py, another Example page.  The answers to the
others aren't clear to me, except that perhaps it is supposed to be a
defense against replay attacks.


-- 
Randall Randall <[EMAIL PROTECTED]>
"[The] poetic justice of cause and effect compels
 respect, compassion." -- Faithless, God is a DJ.
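
The replay-defense reading suggested in the reply above, sketched as an added example; this is not Webware's code or code from either poster. The dict-based `session` and `fields`, the `USERS` store, and the names `issue_login_id`, `handle_login` and `demo` are all hypothetical stand-ins for the session and request objects in the quoted snippet.

```python
import hmac
import secrets

USERS = {"alice": "correct horse"}  # constructed sample credential store


def _eq(a, b):
    """Constant-time string comparison."""
    return hmac.compare_digest(a.encode(), b.encode())


def issue_login_id(session):
    """Called when the login form is rendered: store a fresh one-time id."""
    session["loginid"] = secrets.token_urlsafe(16)
    return session["loginid"]  # would be embedded as a hidden form field


def handle_login(session, fields):
    """Return True only for a login that carries the id issued for this form."""
    # Consume the stored id before checking anything, so it can never be
    # accepted twice, whether or not this attempt succeeds.
    expected = session.pop("loginid", None)
    fresh = expected is not None and _eq(expected, fields.get("loginid", "nologin"))
    password = USERS.get(fields.get("username"))
    ok = fresh and password is not None and _eq(password, fields.get("password", ""))
    if ok:
        session["user"] = fields["username"]
        # Assumed purpose of the delField calls: keep the credentials away
        # from whatever code handles the rest of this request.
        for name in ("username", "password", "login", "loginid"):
            fields.pop(name, None)
    return ok


def demo():
    session = {}
    form = {"username": "alice", "password": "correct horse", "login": "1",
            "loginid": issue_login_id(session)}
    captured = dict(form)                       # copy of the submitted form
    first = handle_login(session, form)         # genuine submission
    session.pop("user", None)                   # user logs out
    replayed = handle_login(session, captured)  # same form sent again
    return first, replayed, form


if __name__ == "__main__":
    print(demo())
```

The second submission fails even though the username and password are correct, because the stored id was deleted when the first submission was processed.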



_______________________________________________
Webware-discuss mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/webware-discuss
