The form can be forced to work without sessions but I strongly advise against doing it, for security reasons (CSRF protection, etc.):
if form.process(session=None).accepted: ...code... Regards, Ales On Wednesday, August 21, 2013 2:14:12 AM UTC+2, Ricardo Pedroso wrote: > > > On Wed, Aug 21, 2013 at 12:26 AM, <arche...@gmail.com <javascript:>>wrote: > >> session.forget(response) prevents SQLFORM.factory from working. Is this >> supposed to happen? If so, why? I was hoping it would prevent the session >> files from being written. >> >> > To secure forms submission web2py needs to store an hash in the session > to, after form submission, compare that hash previously > stored with the one that goes in the POST. > > Check the html that web2py generates for your form and you will see that > hash, it's in an hidden field with name="_formkey" > -- --- You received this message because you are subscribed to the Google Groups "web2py-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to web2py+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
