You'll be limited to 4KB (post-encryption). I suppose a reasonable alternative would be to use sessionStorage or localStorage in the browser.
Also, there is a bug if using cookie sessions with AuthAPI (as opposed to Auth) -- on logout, if the session is empty (i.e., nothing left after auth.user is removed), then web2py does not send a replacement cookie (because there is no data), so the browser simply sends the original cookie right back on the next request, and the user is still logged in. The workaround is on logout, add some dummy data to the session just to force web2py to send a new cookie to the browser to replace the old one. Note, quite incidentally, this bug does not affect Auth because the logout method in Auth adds "flash" to the session after logout, which forces a new cookie to be sent to the browser.

Anthony

On Thursday, September 27, 2018 at 12:17:28 PM UTC-4, Joe Barnhart wrote:
> I love the new(?) capability of storing the session information in a
> browser cookie. Mainly because I'm lazy and don't want the responsibility
> of determining when to throw out sessions and manage them on my end.
>
> I added this to my app:
>
>     session.connect(request, response, cookie_key="mylittleponytasteslikechicken")
>
> Everything works.... mostly. I have seen some corner cases not working
> correctly, such as a form that doesn't have a "formkey" stored in the
> session when I am impersonating a user. Paging thru the session variable
> in this last case I noticed there's a LOT of stuff in the session, and I
> wonder if the size of the cookie might be causing its truncation?
>
> What are the practical limits of using browser cookies to hold session
> data, and are there workarounds for large-ish sessions?
>
> Joe
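
The logout behaviour described in the reply above, as a simplified Python model added here (it is not web2py code and not part of the original thread). The cookie name, the function names and the "logged_out" dummy key are hypothetical, and the encryption of the cookie value is left out because it does not change the outcome.

```python
import json

COOKIE_NAME = "session_data_app"  # hypothetical cookie name


def handle(cookies, action):
    """Serve one request: load the session from the cookie, run the action,
    and return (logged-in user, cookies to set in the response)."""
    session = json.loads(cookies.get(COOKIE_NAME, "{}"))
    action(session)
    user = session.get("auth", {}).get("user")
    # Behaviour described in the reply: an empty session has no data to
    # store, so no replacement cookie is sent.
    set_cookie = {COOKIE_NAME: json.dumps(session)} if session else {}
    return user, set_cookie


def login(session):
    session["auth"] = {"user": "joe"}  # constructed sample user


def view(session):
    pass  # an ordinary page request that does not touch the session


def logout_without_workaround(session):
    session.pop("auth", None)  # session is now empty


def logout_with_workaround(session):
    session.pop("auth", None)
    session["logged_out"] = True  # dummy data forces a replacement cookie


class Browser:
    """Keeps each cookie until a response replaces it."""

    def __init__(self):
        self.jar = {}

    def send(self, action):
        user, set_cookie = handle(dict(self.jar), action)
        self.jar.update(set_cookie)
        return user


def user_after_logout(logout_action):
    """Log in, log out, then report who the next request is served as."""
    browser = Browser()
    browser.send(login)
    browser.send(logout_action)
    return browser.send(view)
```
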