Thank you Anthony, now everything makes sense.
carlo
On 28/04/2013 20.43, Anthony wrote:
Actually, it only appeared to be working prior to 2.2.1. What happened
with prior versions is that you inadvertently turned off your CSRF
protection. In earlier versions, session.clear() would completely
clear the session, so you ended up passing an empty session to
form.accepts(). Because the session was empty, it skipped the _formkey
check altogether (just as if you hadn't passed the session in at all).
More recently, the session object was changed so it always includes a
_session_hash, even after you call session.clear(). So, now if you do
session.clear() right before calling form.accepts(), it will no longer
skip the _formkey check, and instead you'll get a failure to pass the
check (because the _formkey has been removed from the session).
Anthony
On Saturday, April 27, 2013 4:48:44 AM UTC-4, carlo wrote:
Thank you Anthony,
never spotted that error because as I said until version 2.2.1 it
was working anyway, maybe session.clear() did not behave as expected?
Carlo
On 26/04/2013 18:41, Anthony wrote:
At the beginning of the function you clear the session, yet the
form's _formkey is stored in the session. If you pass the session
to form.accepts(), it checks for the _formkey and will not accept
the form if it is not found. This code would not have worked in
any prior version of web2py. Note, you need the session and
_formkey to protect against CSRF attacks (and double submission).
Anthony
On Friday, April 26, 2013 12:26:29 PM UTC-4, carlo wrote:
Hi, a strange problem with the latest version and Python 2.5
This action works fine in version 2.2.1 and before.
Now hitting Submit there is no redirection, the page just
reloads, no errors.
What is the problem? Thank you.
def creanuovo_1():
    import datetime
    session.clear()
    now = datetime.date.today()
    now = now.strftime("%d-%m-%Y")
    form = SQLFORM(db.preventivi,
                   fields=['id_clienti', 'id_agente', 'compil', 'data_prev', 'id_tipo',
                           'descriz_est', 'descriz_br', 'copie_nom', 'note'],
                   col3={'id_clienti': SPAN("a chi andrà intestata l'offerta", _style='color:grey'),
                         'compil': SPAN('nome di chi compila', _style='color:grey'),
                         'id_tipo': SPAN('descrizione generica del prodotto', _style='color:gray'),
                         'descriz_est': SPAN('descrizione per il cliente', _style='color:gray'),
                         'note': SPAN('eventuali note aggiuntive', _style='color:gray'),
                         'descriz_br': SPAN('descrizione per i reparti', _style='color:grey')},
                   submit_button='Avanti')
    if form.accepts(request.vars, session, dbio=False):
        session.anagrafica = dict(form.vars)
        cliente = db(db.clienti.id == session.anagrafica['id_clienti']).select(db.clienti.ragsoc)[0]['ragsoc']
        tipo = db(db.tipo_prodotto.id == session.anagrafica['id_tipo']).select(db.tipo_prodotto.descriz)[0]['descriz']
        session['anagrafica']['cliente'] = cliente
        session['anagrafica']['tipo'] = tipo
        session.no_copie_alt = True
        redirect(URL('creanuovo_2'))
    return dict(form=form)
--
---
You received this message because you are subscribed to a topic
in the Google Groups "web2py-users" group.
To unsubscribe from this topic, visit
https://groups.google.com/d/topic/web2py/7Qgl-bUBXx4/unsubscribe?hl=en.
To unsubscribe from this group and all its topics, send an email
to web2py+un...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.
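The behaviour Anthony describes in the thread above, as a simplified model added here (it is not web2py's own code and not part of any message): an empty session skips the _formkey check, while a session that still holds a _session_hash after clear() runs the check and fails it. The names FORMKEY, render_form, clear_session, accepts and run, and the sample POST data, are assumptions made for illustration.

```python
import uuid

FORMKEY = "_formkey[default]"  # hypothetical session slot holding issued tokens


def render_form(session):
    """Issue a one-time token, store it in the session, return it for the hidden field."""
    token = uuid.uuid4().hex
    session.setdefault(FORMKEY, []).append(token)
    return token


def clear_session(session, keeps_hash):
    """Model of session.clear(): newer versions leave a _session_hash behind."""
    session.clear()
    if keeps_hash:
        session["_session_hash"] = "constructed-value"


def accepts(post_vars, session):
    """Model of the check described in the thread: an empty session skips it."""
    if not session:                  # empty session: no CSRF check is performed
        return True
    token = post_vars.get("_formkey")
    issued = session.get(FORMKEY, [])
    if not token or token not in issued:
        return False                 # forged, replayed, or token wiped by clear()
    issued.remove(token)             # one-time use: blocks double submission
    return True


def run(clear_first, keeps_hash, forged):
    """Render the form, optionally clear the session as creanuovo_1 does, then submit twice."""
    session = {}
    token = render_form(session)
    if clear_first:
        clear_session(session, keeps_hash)
    # Constructed POST bodies: a forged cross-site request carries no token.
    post = {"note": "x"} if forged else {"_formkey": token, "note": "x"}
    first = accepts(post, session)
    return first, accepts(post, session)  # second value: the same POST replayed


if __name__ == "__main__":
    print("clear(), empty session, forged POST:", run(True, False, True))
    print("clear(), _session_hash kept, real POST:", run(True, True, False))
    print("no clear(), real POST then replay:", run(False, True, False))
```

Without the clear() call, a real submission is accepted once, its replay is rejected, and a token-less POST is rejected, which is the protection the session and _formkey are there to provide.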