Massimo,
Point noted; will henceforth report to dev-list, if I come across such
issues.
Thanks for fixing this one.
________________________________________
Kiran Subbaraman
http://subbaraman.wordpress.com/about/
On Mon, 03-03-2014 6:59 PM, Massimo Di Pierro wrote:
I will check and release a patch soon. Please do not discuss possible
security issues on this mailing list. Report them to the developers
directly.
On Monday, 3 March 2014 02:06:05 UTC-6, Kiran Subbaraman wrote:
I see this in 2.9.2 too (Just tested with the latest release)
On Monday, March 3, 2014 1:25:14 PM UTC+5:30, Kiran Subbaraman wrote:
Hello,
I noticed this issue recently related to user session data.
In my application I store some user specific session data, so that I do
not have to hit the database every time (now, am also looking at using
the cache for that, instead of session).
If userA is logged into the application, and then userA auth session
expires, a login screen is presented. In case login is performed with
userB's credentials, the session data from userA is still available, and
is displayed on userB's screen.
I have created a minimal app to demonstrate the issue that I see. Also
take a look at the screenshots. Notice the session.userdata variable's
value.
Tested this on web2py 2.8.2, on Windows 8.
This is my controller code:
    @auth.requires_login()
    def index():
        ...
        if session['userdata'] is None:
            session.userdata = auth.user.first_name
I am suspecting this is an issue / bug. Can anyone confirm?
This issue does not arise, if the user explicitly logs out of a session,
or the browser window is closed (I have set my browser to clear all
cookies data when it is closed)
--
________________________________________
Kiran Subbaraman
http://subbaraman.wordpress.com/about/
--
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
---
You received this message because you are subscribed to the Google
Groups "web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send
an email to web2py+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.
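Added example, not part of the thread and not web2py code: a stand-alone model of the behaviour the original post reports (per-user data cached under a fixed session key survives auth expiry and is shown to the next user), next to a variant that binds the cached value to its owner. The `User` class, the plain `dict` used as the session, the `userdata_owner` key, the function names and the sample users are all assumptions made for illustration.

```python
class User:
    """Stand-in for the logged-in user record (assumed shape: id, first_name)."""
    def __init__(self, uid, first_name):
        self.id = uid
        self.first_name = first_name


def cache_unbound(session, user):
    """Pattern from the post: fill the key once, never check whose value it is."""
    if session.get('userdata') is None:
        session['userdata'] = user.first_name
    return session['userdata']


def cache_bound(session, user):
    """Hardened variant: record the owner id beside the cached value and
    drop the value whenever the current user is not the recorded owner."""
    if session.get('userdata_owner') != user.id:
        session.pop('userdata', None)
        session['userdata_owner'] = user.id
    if session.get('userdata') is None:
        session['userdata'] = user.first_name
    return session['userdata']


def simulate(cache_fn):
    """userA logs in, the auth session expires, userB logs in from the same
    browser. The session dict is reused to model what the post reports:
    non-auth keys are still present after expiry."""
    session = {}                      # constructed sample session
    user_a = User(1, 'Alice')         # constructed sample users
    user_b = User(2, 'Bob')
    seen_by_a = cache_fn(session, user_a)
    # Auth expiry happens here; nothing clears session['userdata'].
    seen_by_b = cache_fn(session, user_b)
    return seen_by_a, seen_by_b


if __name__ == '__main__':
    print('unbound:', simulate(cache_unbound))
    print('bound:  ', simulate(cache_bound))
```

The same owner check applies to any per-user value kept in a session or cache: the key alone does not say who the value belongs to.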