Do you use MEMDB? It could be an issue. On Thursday, 14 November 2013 13:58:56 UTC-6, Joel Rathgaber wrote: > > Does this only apply to GAE use? We use memcache for sessions but not GAE. > > Thanks, > --Joel. > > On Wednesday, November 13, 2013 6:19:14 PM UTC-6, Massimo Di Pierro wrote: >> >> A serious issue has been reported on web2y-developers. The issue has to >> do with the memdb module. You are using it if you use session in Memcache >> on Google App Engine. The bug affects systems on high load and creates >> duplicates sessions (occasionally two users get new session with the same >> id and get to share one session). This is a security issue. There is a >> possible fix in trunk that needs testing. >> >> The issue only affects you if you use sessions in memcache. This is not >> the default behavior. >> >> Massimo >> >
-- Resources: - http://web2py.com - http://web2py.com/book (Documentation) - http://github.com/web2py/web2py (Source code) - https://code.google.com/p/web2py/issues/list (Report Issues) --- You received this message because you are subscribed to the Google Groups "web2py-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to web2py+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
