Thanks Anthony for reply! I used session=None because SQLFORM was not
working on disabling browser cookies.
Why can't you use cookies?
Currently I am using session and cookies, but I am worried about the users
who disable/block their browser cookies (don't know % of such users).
I disabled my browser cookies from browser settings, then I am not able to
submit form successfully. So how can I make my web2py application(/SQLFORM)
to work for users who disable their browser cookies?
SQLFORM will not work if browser cookies are disabled?
Thank You
- Gaurav Vichare
On Friday, December 30, 2016 at 7:58:15 PM UTC+5:30, Anthony wrote:
>
> By default, forms include a hidden _formkey field, with the formkey also
> stored in the session. Upon submission, if the submitted formkey does not
> match one in the session, the submission is rejected -- this prevents CSRF
> attacks as well as double submission. If you set session=None, you disable
> this functionality. In that case, you must create your own mechanism to
> prevent CSRF attacks and double submissions (could be tricky without
> sessions/cookies).
>
> Why can't you use cookies?
>
> Anthony
>
> On Friday, December 30, 2016 at 4:34:38 AM UTC-5, Gaurav Vichare wrote:
>>
>>
>> After disabling firefox browser cookies, SQLFORM is unable to accept the
>> form, values are not inserted in db, also it does not show any errors. It
>> just submits the form and returns new empty form. Does SQLFORM work only
>> when cookies are enabled?
>>
>> I am able to submit the form successfully by adding argument session=
>> None and formname=None to SQLFORM.proccess(), but it adds another issue-
>> form double submission. when page is refreshed after submission, it
>> resubmits the values.
>>
>> How to use SQLFORM when cookies are disabled, also prevent double
>> submission?
>>
>> Code:
>>
>> #models/db.py
>> db.define_table("person", Field("name", "string"))
>> # controllers/default.py
>> def add_person():
>> form = SQLFORM(db.person) # if form.process(session=None,
>> formname=None).accepted:
>> if form.process().accepted:
>> response.flash = "form accepted"
>> elif form.errors:
>> response.flash = "form has errors"
>> return dict(form=form)
>>
>>
>> <!-- views/default/add_person.html -->
>> {{extend "layout.html"}}
>>
>> {{=form}}
>>
>>
>>
>> Thank You
>>
>> - Gaurav Vichare
>>
>>
--
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
---
You received this message because you are subscribed to the Google Groups
"web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to web2py+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
