Ah.  Thanks for that.  I don't have full control over what goes into 
session.  I was suspicious because something which worked normally did not 
work when I was impersonating a user.  I did notice the rather large amount 
of info stored in the session while impersonating, which got me wondering.

I suppose Redis is probably a more reliable solution at this point.  Some 
day we may be able to divide our session data into multiple cookies and 
take advantage of the 4K per cookie limit.  (At least I assume it is "per 
cookie").  It's probably a crutch that we've been able to ignore the amount 
of session data all these years with web2py.  It made my session fat and 
lazy!

-- Joe

On Thursday, September 27, 2018 at 3:51:37 PM UTC-7, Anthony wrote:
>
> You'll be limited to 4KB (post-encryption). I suppose a reasonable 
> alternative would be to use sessionStorage or localStorage in the browser 
> (depending on your use case).
>
> Also, there is a bug if using cookie sessions with AuthAPI (as opposed to 
> Auth) -- on logout, if the session is empty (i.e., nothing left after 
> auth.user is removed), then web2py does not send a replacement cookie 
> (because there is no data), so the browser simply sends the original cookie 
> right back on the next request, and the user is still logged in. The 
> workaround is on logout, add some dummy data to the session just to force 
> web2py to send a new cookie to the browser to replace the old one. Note, 
> quite incidentally, this bug does not affect Auth because the logout method 
> in Auth adds "flash" to the session after logout, which forces a new cookie 
> to be sent to the browser.
>
> Anthony
>
> On Thursday, September 27, 2018 at 12:17:28 PM UTC-4, Joe Barnhart wrote:
>>
>> I love the new(?) capability of storing the session information in a 
>> browser cookie.  Mainly because I'm lazy and don't want the responsibility 
>> of determining when to throw out sessions and manage them on my end.
>>
>> I added this to my app:
>>
>> session.connect(request, response, 
>> cookie_key="mylittleponytasteslikechicken")
>>
>> Everything works.... mostly.  I have seen some corner cases not working 
>> correctly, such as a form that doesn't have a "formkey" stored in the 
>> session when I am impersonating a user.  Paging thru the session variable 
>> in this last case I noticed there's a LOT of stuff in the session, and I 
>> wonder if the size of the cookie might be causing its truncation?
>>
>> What are the practical limits of using browser cookies to hold session 
>> data, and are there workarounds for large-ish sessions?
>>
>> Joe
>>
>>
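
The logout behaviour Anthony describes, and the per-cookie size limit, as an added example that is not part of the original thread and is not web2py's code. It is a stand-alone model that uses a toy signed cookie rather than web2py's encrypted format; `seal`, `unseal`, `handle`, `logout_then_revisit` and the key are hypothetical names and constructed values.

```python
import base64, hashlib, hmac, json

KEY = b"constructed-demo-key"      # constructed value, not a real secret
COOKIE_LIMIT = 4096                # per-cookie size limit discussed in the thread

def seal(session):
    """Serialize and sign a session dict into a cookie value (toy format)."""
    body = base64.urlsafe_b64encode(json.dumps(session).encode())
    tag = hmac.new(KEY, body, hashlib.sha256).hexdigest().encode()
    value = (tag + b"." + body).decode()
    if len(value) > COOKIE_LIMIT:
        raise ValueError("session cookie is %d bytes, over the limit" % len(value))
    return value

def unseal(value):
    """Return the session dict, or {} if the cookie is missing or tampered."""
    if not value:
        return {}
    tag, _, body = value.encode().partition(b".")
    good = hmac.new(KEY, body, hashlib.sha256).hexdigest().encode()
    if not hmac.compare_digest(tag, good):
        return {}
    return json.loads(base64.urlsafe_b64decode(body))

def handle(cookie, action, workaround=False):
    """One request. Returns (logged_in, cookie the browser holds afterwards)."""
    session = unseal(cookie)
    if action == "login":
        session["user"] = "joe"
    elif action == "logout":
        session.pop("user", None)
        if workaround:
            session["flash"] = "Logged out"   # dummy data forces a new cookie
    # Modelled behaviour: no Set-Cookie when the session is empty,
    # so the browser keeps whatever cookie it already had.
    if session:
        cookie = seal(session)
    return "user" in session, cookie

def logout_then_revisit(workaround):
    """Log in, log out, make one more request; report whether still logged in."""
    _, cookie = handle(None, "login")
    _, cookie = handle(cookie, "logout", workaround)
    logged_in, _ = handle(cookie, "view")
    return logged_in
```

`logout_then_revisit(False)` returns `True` because the old cookie is replayed, and `logout_then_revisit(True)` returns `False` once the dummy data forces a replacement cookie.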
