<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html;charset=ISO-8859-1" http-equiv="Content-Type">
<title></title>
</head>
<body bgcolor="#ffffff" text="#000000">
For a secured session variable, prepend the variable name with an
underscore to avoid this, e.g. <code>ctx.locals._name</code><br>
<br>
Denis Toporov wrote:
<blockquote
cite="mid74077C8AA24C5047AA55164003DFBE8803839D89@exchange.universe.dart.spb"
type="cite">
<title>sessions vars question</title>
<p><font size="2">Hello,<br>
<br>
It is very fun to work with server sessions in Albatross.<br>
For example, I have a session variable 'name'.<br>
I create a local context variable ctx.locals.name = 'username'<br>
Add it to the session: ctx.add_session_vars('name').<br>
<br>
And after that I felt relaxed about the value stored in the session
'name' variable.<br>
<br>
So I need this session variable value from time to time. I'm using
RandomModularSessionAppication.<br>
In my code I have method:<br>
def process_request(ctx):<br>
.....<br>
.....<br>
user.name = ctx.locals.name # (I'm not sure that this is the correct
way to get a session variable value)<br>
....<br>
....<br>
<br>
And actually this works. BUT if I add to the browser request string
something like<br>
<a href="http://host/mypage?name=%27qqqqqqq%27">http://host/mypage?name='qqqqqqq'</a><br>
<br>
I have in my code that the user name is not 'username' any more, but
'qqqqqqq'.<br>
<br>
So I cannot believe that it could be so "secure" to have server-side
session vars.<br>
It's the same as storing session vars in hidden input fields in the browser.<br>
<br>
What's wrong with it?</font>
</p>
</blockquote>
<br>
<div class="moz-signature">-- <br>
<font color="#999999">__________________________________ </font>
<p> <a class="address" style="text-decoration: none;"
href="mailto:gabriel.cooper@mediapulse.com"><font font=""
color="#000000" face="Myriad Pro, Arial, Helvetica, sans-serif"
size="2"><b>gabriel.cooper</b></font><font color="#808080"
face="Myriad Pro, Arial, Helvetica, sans-serif" size="2">@mediapulse.com</font></a><br>
<font color="#808080" face="Myriad Pro, Arial, Helvetica, sans-serif"
size="2"> internet developer<br>
865.675.4455 x32<br>
800.380.4514</font> </p>
<p><a class="address" style="text-decoration: none;"
href="http://www.mediapulse.com/"><font color="#a51c1e"
face="Myriad Pro, Arial, Helvetica, sans-serif" size="2">www.mediapulse.com</font></a><br>
<font color="#999999">__________________________________</font></p>
</div>
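<p>The behaviour discussed in this thread, as an added example that is not part of the original messages and is not Albatross code: a simplified model in which request fields are merged into the same namespace that holds the restored session values, skipping names with a leading underscore. The <code>Context</code> class, its methods and <code>handle</code> are hypothetical names, and the merge rule is an assumption taken from the reply above.</p>

```python
# Simplified model of the namespace merge discussed in this thread.
# NOT Albatross source code: Context, its methods and handle() are
# hypothetical names used only for illustration.
from urllib.parse import parse_qs


class Locals:
    """Stand-in for ctx.locals: a plain attribute namespace."""


class Context:
    def __init__(self, session_store):
        self.locals = Locals()
        self._store = session_store  # server-side session data (a dict here)

    def load_session(self):
        # Server-side values are restored into the shared namespace first.
        for name, value in self._store.items():
            setattr(self.locals, name, value)

    def merge_request(self, query_string):
        # Assumed rule (from the reply above): request fields are copied into
        # the same namespace, except names that start with an underscore.
        for name, values in parse_qs(query_string).items():
            if name.startswith("_"):
                continue  # browser input can never reach these names
            setattr(self.locals, name, values[0])

    def save_session(self):
        # Whatever is in the namespace at the end of the request is persisted,
        # so a value overwritten by the request is written back to the session.
        for name in list(self._store):
            self._store[name] = getattr(self.locals, name)


def handle(store, query_string):
    """One request cycle: load session, merge request, save session."""
    ctx = Context(store)
    ctx.load_session()
    ctx.merge_request(query_string)
    ctx.save_session()
    return ctx.locals
```

<p>In this model the unprefixed session variable takes the value from the query string and that value is saved back to the session, while the underscore-prefixed one keeps its server-side value.</p>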
</body>
</html>