> > When you mention "persist the list of flagged users", it mean that there > is no such thing as persistence in web2py and that at each request web2py > is completely "ignorant" about any given state it may find itself in?? >
Well, each request is executed independently, though there are means of persisting state, such as the cache, a database, or the file system. > I guess using session as a persistence mean for make this possible would > involve security issue as we would using user centric persistence option > for storing general information which is sensitive as it provide a list of > ID and possibly other information to make this working... > It's not a security issue, as users are not able to inspect the data in their sessions (even cookie-based sessions are encrypted), but it wouldn't make sense to store a list that needs to be globally accessible across users inside the session of a single user. Sessions are for storing data specific to a particular user (actually, a particular session of a particular user). > > On Tue, Jun 6, 2017 at 12:12 PM, abastardi <notificati...@github.com> > wrote: > >> How could we update someone else auth.user_groups?? Could we issue a one >> time reinitialization command by setting a flag on/off when use >> add_/del_membership?? We can then force a give user to reinit the >> auth.user_groups list on his next request... >> >> That's one approach, but then we need a way to persist the list of >> flagged users (preferably that easily scales horizontally), and there would >> be some cost on every request (at least every request that needs to check >> authorization) to check the list. >> >> Another option would be to keep a record of active session identifiers >> for each user, and whenever a role change occurs, update all of that user's >> active sessions (note, this will not work with cookie-based sessions -- >> only sessions stored on the server). >> >> — >> You are receiving this because you were mentioned. >> Reply to this email directly, view it on GitHub >> <https://github.com/web2py/web2py/issues/1638#issuecomment-306537115>, >> or mute the thread >> <https://github.com/notifications/unsubscribe-auth/ABlWx6Gt8ZtnxuGO79x3KXmuHNK1UC8uks5sBXqJgaJpZM4NviB_> >> . >> > > -- Resources: - http://web2py.com - http://web2py.com/book (Documentation) - http://github.com/web2py/web2py (Source code) - https://code.google.com/p/web2py/issues/list (Report Issues) --- You received this message because you are subscribed to the Google Groups "web2py-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to web2py+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
