[albatross-users] sessions vars question
Denis Toporov
toporov at dataart.com
Sat Mar 12 04:18:16 EST 2005
Hello,
It is very fun to work with server sessions in Albatross.
For example, I have a session variable 'name'.
I create a local context variable ctx.locals.name = 'username'.
I add it to the session with ctx.add_session_vars('name').
After that I felt relaxed about the value stored in the session
variable 'name'.
So I need this session variable's value from time to time. I'm using
RandomModularSessionAppication.
In my code I have a method:
def process_request(ctx):
    .....
    .....
    # (I'm not sure that this is the correct way to get a session variable value)
    user.name = ctx.locals.name
    ....
    ....
And actually this works. BUT if I add something like this to the
browser request string:
http://host/mypage?name='qqqqqqq'
then in my code the user name is not 'username' any more, but
'qqqqqqq'.
So I cannot believe that having server-side session vars could be so
"secure".
It's the same as storing session vars in hidden input fields in the browser.
What's wrong with it?
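
The behaviour reported in the post above, reproduced as an added example that is not part of the original message and is not Albatross code. It assumes the session is restored into the locals namespace first and request fields are merged into the same namespace afterwards; Ctx, Locals, merge_request and handle are hypothetical names, and the guard shows one way to stop a request field from replacing a session variable.

```python
# Simplified model of the behaviour described in the post; NOT Albatross code.
# Ctx, Locals, merge_request and handle are hypothetical names.
from urllib.parse import parse_qs, urlsplit


class Locals:
    """Bare namespace standing in for ctx.locals."""


class Ctx:
    def __init__(self, store):
        self.locals = Locals()
        self.store = store            # server-side session data
        self.session_vars = set()     # names registered as session variables

    def add_session_vars(self, *names):
        self.session_vars.update(names)

    def load_session(self):
        # Restore saved values into locals and remember their names.
        for name, value in self.store.items():
            setattr(self.locals, name, value)
        self.add_session_vars(*self.store)

    def merge_request(self, url, guard):
        # Copy query-string fields into locals. Without the guard, a field
        # named like a session variable replaces the server-side value.
        rejected = []
        for name, values in parse_qs(urlsplit(url).query).items():
            if guard and name in self.session_vars:
                rejected.append(name)  # collision: keep the session value
                continue
            setattr(self.locals, name, values[0])
        return rejected

    def save_session(self):
        for name in self.session_vars:
            self.store[name] = getattr(self.locals, name)


def handle(url, guard):
    """Process one request against a constructed session {'name': 'username'}."""
    store = {"name": "username"}
    ctx = Ctx(store)
    ctx.load_session()
    rejected = ctx.merge_request(url, guard)
    ctx.save_session()
    return ctx.locals.name, store["name"], rejected
```

handle() returns the value the page code would read, the value written back to the session store, and the list of rejected field names, so an unguarded collision shows up as a changed stored value as well as a changed local.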