On Wednesday, November 8, 2017 at 11:17:37 AM UTC-5, Pierre wrote: > > yes of course but Leonel your use-case looks very similar to the Auth case > (i mean user_signature=true + @auth.requires_signature) . It's also a one > hmac_key per user|client case. Actually i am not so much interested in why > should a url be signed: what i'd like to achieve is mimic Auth signature > case in the context of 'no-auth' signature. I've found this post: > > https://groups.google.com/forum/#!msg/web2py/xnKA-4nnfeM/0OrWhCEInxsJ > > and right now i am generating a *session.hmac_key* via > *auth.settings.login_onaccept > = [generate_hmac_key*] as Anthony suggested in this post > don't know if this is effective ? >
It's not quite clear what you are trying to achieve. If you are using Auth and having users log in, why not use URL(..., user_signature=True) and @auth.requires_signature()? What is your desired workflow? > i guess this forbids usage of both *@auth.requires_login* and > *session.forget()* in the same function > You should be able to use both. session.forget() simply prevents any changes in the session during the current request from being written to the session (it is often called as session.forget(response), which also unlocks the session file, enabling other requests to access the file). > signature is very confusing.........and so is the session object (when is > it alive? when is it dead ?) > Unless you completely disable sessions, the session object is always available in the web2py environment (though it may be empty). As noted above, you can prevent changes being written to the session within a given request by calling session.forget() -- but even after doing that, you can still access the content of the session. Anthony -- Resources: - http://web2py.com - http://web2py.com/book (Documentation) - http://github.com/web2py/web2py (Source code) - https://code.google.com/p/web2py/issues/list (Report Issues) --- You received this message because you are subscribed to the Google Groups "web2py-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
