Thanks Anthony, this is very helpful.
In my case, ignoring users who disable cookies and only showing a message to
enable cookies is the best solution. Preventing CSRF attacks and double
submission is more important in my case.

Thanks!

On Friday, December 30, 2016 at 10:11:18 PM UTC+5:30, Anthony wrote:
>
> On Friday, December 30, 2016 at 10:50:12 AM UTC-5, Gaurav Vichare wrote:
>>
>> Thanks Anthony for the reply! I used session=None because SQLFORM was not
>> working when browser cookies were disabled.
>>
>> Why can't you use cookies?
>>
>> Currently I am using session and cookies, but I am worried about the
>> users who disable/block their browser cookies (I don't know the % of such
>> users).
>>
>> I disabled cookies in my browser settings, and then I was not able
>> to submit the form successfully. So how can I make my web2py
>> application (SQLFORM) work for users who disable their browser cookies?
>> Will SQLFORM not work if browser cookies are disabled?
>>
>
> People should not expect to be able to use websites that require form 
> submissions and other types of user inputs and private data exchanges 
> without cookies enabled. If you have users with cookies disabled, show them 
> a message indicating cookies are required for some of the website 
> functionality. They can always add an exception for your site.
>
> I suppose you could move the session identifier to the URL query string, 
> but that is less secure (if someone shares a URL, it provides access to 
> their session). Another option would be to send a session identifier in the 
> body of the initial page load and handle all subsequent requests via Ajax, 
> sending the session identifier each time. But you'll need to architect a 
> single page app in that case.
>
> If you have no worries about CSRF attacks on the form in question, then 
> feel free to set session=None, but it won't stop double submission (though 
> as noted, you can minimize that via a redirect, or otherwise implement your 
> own server-side solution to track whether a submission has been duplicated).
>
> Anthony
>
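
The mechanism discussed in this thread, as an added example that is not part of the original messages and not web2py's own code: a simplified model of a one-time form key held in a server-side session, showing why it rejects forged and repeated POSTs, why it fails when the session cookie is missing, and what `session=None` gives up. The class `FormGuard`, the store key `form_keys` and the form name `order` are assumptions made for illustration.

```python
import hmac
import secrets


class FormGuard:
    """Illustrative one-time form keys in a server-side session (not web2py source)."""

    def __init__(self, session):
        # `session` is a dict-like server-side store; None models session=None.
        self.session = session

    def issue(self, formname):
        """Called when rendering the form; returns the hidden-field value."""
        if self.session is None:
            return None
        key = secrets.token_urlsafe(32)
        self.session.setdefault("form_keys", {}).setdefault(formname, []).append(key)
        return key

    def accept(self, formname, submitted):
        """Called on POST; True only for a key issued to this session, and only once."""
        if self.session is None:
            return True  # nothing is checked: forged and repeated POSTs pass
        if not isinstance(submitted, str):
            return False
        keys = self.session.get("form_keys", {}).get(formname, [])
        for k in keys:
            if hmac.compare_digest(k.encode(), submitted.encode()):
                keys.remove(k)  # consume the key so a replayed POST is rejected
                return True
        return False


def demo():
    """Run the cases from the thread against constructed sessions."""
    results = {}
    alice = {}  # constructed session, located via the user's session cookie
    guard = FormGuard(alice)
    key = guard.issue("order")
    results["forged_no_key"] = guard.accept("order", None)
    results["forged_wrong_key"] = guard.accept("order", "guessed-value")
    results["first_submit"] = guard.accept("order", key)
    results["double_submit"] = guard.accept("order", key)
    # Cookies disabled: the POST carries no session id, so the server starts a
    # fresh, empty session and the key embedded in the page is unknown to it.
    results["cookies_disabled"] = FormGuard({}).accept("order", guard.issue("order"))
    unguarded = FormGuard(None)  # session=None
    results["session_none_forged"] = unguarded.accept("order", None)
    results["session_none_repeat"] = unguarded.accept("order", None)
    return results
```
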
