[web2py] Re: SQLFORM doesn't work when browser cookies are disabled

Fri, 30 Dec 2016 06:28:44 -0800 

By default, forms include a hidden _formkey field, with the formkey also 
stored in the session. Upon submission, if the submitted formkey does not 
match one in the session, the submission is rejected -- this prevents CSRF 
attacks as well as double submission. If you set session=None, you disable 
this functionality. In that case, you must create your own mechanism to 
prevent CSRF attacks and double submissions (could be tricky without 
sessions/cookies).
Why can't you use cookies?

Anthony

On Friday, December 30, 2016 at 4:34:38 AM UTC-5, Gaurav Vichare wrote:
>
>
> After disabling firefox browser cookies, SQLFORM is unable to accept the 
> form, values are not inserted in db, also it does not show any errors. It 
> just submits the form and returns new empty form. Does SQLFORM work only 
> when cookies are enabled?
>
> I am able to submit the form successfully by adding argument  session=None
>  and formname=None to SQLFORM.proccess(), but it adds another issue- form 
> double submission. when page is refreshed after submission, it resubmits 
> the values.
>
> How to use SQLFORM when cookies are disabled, also prevent double 
> submission?
>
> Code:
>
> #models/db.py
> db.define_table("person", Field("name", "string"))
> # controllers/default.py
> def add_person():
>     form = SQLFORM(db.person)    # if form.process(session=None, 
> formname=None).accepted:
>     if form.process().accepted:
>         response.flash = "form accepted"
>     elif form.errors:
>         response.flash = "form has errors"
>     return dict(form=form)
>
>
> <!-- views/default/add_person.html -->
> {{extend "layout.html"}}
>
> {{=form}}
>
>
>
> Thank You
>
> - Gaurav Vichare
>
>

-- 
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
--- 
You received this message because you are subscribed to the Google Groups 
"web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to web2py+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Reply via email to