>
> What is the more secure way to transfer the modified_on?
> Using session.modified_on
> or form['hidden'].update(modified_on=form.record.modified_on)
> and then request.post_vars.modified_on?
> I ask this because there is an option to make session secure when using 
> HTTPS.
>

If there is some reason you want to keep the modified_on value a secret, 
the session will be more secure (the user has no access to the session 
data). However, using the session (properly) can be more complex. First, 
what happens if the user opens multiple edit forms in different browser 
tabs? If you always use the same session key to store the modified_on 
value, each new form that is opened will overwrite the value of the 
previous form. To prevent that, you would likely want the key to include 
the record ID as well. But then you have to worry about deleting old keys 
from the session so it doesn't grow indefinitely. If you instead use a form 
hidden field, you don't have to worry about any of this.

Anthony
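
As an added illustration of the session approach described in the reply above (not code from the thread or from web2py): a per-record store of modified_on values with an age limit and a size cap, so that multiple tabs do not overwrite each other and the session does not grow indefinitely. A plain dict stands in for web2py's session; the key name `edit_modified_on`, both limits, and both function names are assumptions.

```python
import time

MAX_TRACKED = 20   # assumed cap on remembered edit forms per session
MAX_AGE = 3600     # assumed lifetime of one entry, in seconds


def remember_modified_on(session, record_id, modified_on, now=None):
    """Call when rendering the edit form: store modified_on under the record ID."""
    now = time.time() if now is None else now
    store = session.setdefault('edit_modified_on', {})

    # Delete stale keys left behind by forms that were never submitted.
    for rid in [r for r, (_, ts) in store.items() if now - ts > MAX_AGE]:
        del store[rid]

    # One entry per record, so a second tab on another record cannot clobber it.
    store[str(record_id)] = (modified_on, now)

    # Hard cap: evict the oldest entries first.
    while len(store) > MAX_TRACKED:
        oldest = min(store, key=lambda r: store[r][1])
        del store[oldest]


def check_and_forget(session, record_id, current_modified_on):
    """Call on submit: True only if the record is unchanged since the form
    was rendered. The entry is removed either way, so it is single-use."""
    entry = session.get('edit_modified_on', {}).pop(str(record_id), None)
    return entry is not None and entry[0] == current_modified_on


if __name__ == '__main__':
    session = {}  # stand-in for web2py's session (constructed sample data below)
    remember_modified_on(session, 1, '2014-01-01 10:00:00')  # tab 1
    remember_modified_on(session, 2, '2014-01-02 11:00:00')  # tab 2
    print(check_and_forget(session, 1, '2014-01-01 10:00:00'))  # unchanged record
    print(check_and_forget(session, 2, '2014-03-03 09:00:00'))  # edited elsewhere
```

An entry evicted by the age limit or the cap makes the later check fail, so a rejected submit has to be handled by re-rendering the form with the current record.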
 
