[albatross-users] Finding Saved Values in Sessions
Dave Cole
djc at object-craft.com.au
Mon Aug 19 10:27:05 EST 2002
>>>>> "Mike" == Mike Barrett <mike at daboyz.org> writes:
Mike> Cool, thank you for the fast response. I have a question
Mike> though: What would be the best way to go about discovering if
Mike> something is saved in the session object? If I look in locals
Mike> for isAuthenticated, then can't someone just provide a GET
Mike> request with something like
Mike> http://site/blah.py?isAuthenticated=1 and it will be in the
Mike> locals namespace?
Unfortunately yes.
The only "easy" way around this is to store the userid and password in
the session and revalidate every request.
I suppose it would be nice if there was a way to protect some values
in the local namespace from modification by request merging.
Mike> Also, one more question: Is there any way to make <al-form> use
Mike> the POST method rather than GET?
<al-form method="post">
Mike> Thanks for all your help.
My pleasure.
- Dave
--
http://www.object-craft.com.au
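
The request-merging problem discussed in this message, as an added example that is not part of the original post and is not Albatross code: a toy merge (all function and variable names are hypothetical) beside a version that reserves some names for session state, so request fields cannot set them.

```python
from urllib.parse import parse_qsl

# Names only server-side code may set (constructed for this example).
SESSION_ONLY = frozenset({"isAuthenticated", "userid"})


def merge_naive(session, query):
    """Load session values into locals, then let every request field overwrite them."""
    local_ns = dict(session)
    local_ns.update(parse_qsl(query, keep_blank_values=True))
    return local_ns


def merge_protected(session, query):
    """Merge request fields, dropping reserved names; session values always win.

    Returns (locals, rejected) so the caller can log tampering attempts.
    """
    local_ns, rejected = {}, []
    for name, value in parse_qsl(query, keep_blank_values=True):
        if name in SESSION_ONLY:
            rejected.append(name)   # request tried to set a server-only name
        else:
            local_ns[name] = value
    local_ns.update(session)        # applied last, so the request cannot shadow it
    return local_ns, rejected


def is_authenticated(local_ns):
    # The check from the question: look in locals for isAuthenticated.
    return bool(local_ns.get("isAuthenticated"))


if __name__ == "__main__":
    anonymous = {}                        # no login has happened
    forged = "page=2&isAuthenticated=1"   # constructed query string
    print("naive merge:", is_authenticated(merge_naive(anonymous, forged)))
    safe_ns, rejected = merge_protected(anonymous, forged)
    print("protected merge:", is_authenticated(safe_ns), "rejected:", rejected)
```

The reserved set has to be fixed in advance: checking only the names currently in the session would not help an anonymous request, where isAuthenticated has not been saved yet.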