session.secure() means that you require HTTPS; otherwise the session cookie is not communicated, for security reasons.
Even without the change, admin works if you go over HTTPS or use an SSH tunnel. Any other option would not be secure.

On Dec 3, 12:01 pm, Adolfo <avizca...@gmail.com> wrote:
> Hello
>
> I've been working with an application using appadmin as a reference
> for giving maintenance to the database, but when I release it I have a
> problem because the controllers have the following code and no one but
> localhost can get access to them
>
> http_host = request.env.http_host.split(':')[0]
> remote_addr = request.env.remote_addr
> try:
>     hosts = (http_host, socket.gethostname(),
>              socket.gethostbyname(http_host),
>              '::1','127.0.0.1','::ffff:127.0.0.1')
> except:
>     hosts = (http_host, )
>
> if request.env.http_x_forwarded_for or request.env.wsgi_url_scheme\
>     in ['https', 'HTTPS']:
>     session.secure()
> elif remote_addr not in hosts:
>     raise HTTP(200, T('appadmin is disabled because insecure channel'))
> if not gluon.fileutils.check_credentials(request):
>     redirect('/admin')
>
> so I changed the last part to
>
> if not gluon.fileutils.check_credentials(request):
>     session.secure()
>
> and now everyone can get access to the controller, but (I'm using CAS)
> after I access the controller my session token gets lost
>
> I'd like to know if there's a way I can keep using this part of the code
> but limiting it to some networks, or how I can keep my token without
> losing it
>
> Thanks
>
> Adolfo
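
Why the session token disappears once session.secure() has run, as an added example that is not part of the original thread: the session cookie is marked Secure, so a client returns it over HTTPS only. The host name, cookie name and value are constructed, and Python's standard-library cookie jar stands in for the browser.

```python
# Added example: constructed host, cookie name and value; standard library only.
import email.message
import http.cookiejar
import urllib.request

HOST = "app.example.test"                    # constructed host name
URL_PATH = "/myapp/appadmin/index"           # constructed application path
SECURE_COOKIE = "session_id_myapp=abc123; Path=/; Secure"
PLAIN_COOKIE = "session_id_myapp=abc123; Path=/"


class FakeResponse:
    """Minimal response object: CookieJar only calls .info() on it."""

    def __init__(self, set_cookie_value):
        self._headers = email.message.Message()
        self._headers["Set-Cookie"] = set_cookie_value

    def info(self):
        return self._headers


def cookie_header_sent(set_cookie, scheme):
    """Store a cookie received over HTTPS, then return the Cookie header the
    client would attach to a follow-up request made over `scheme` (or None)."""
    jar = http.cookiejar.CookieJar()
    first = urllib.request.Request(f"https://{HOST}{URL_PATH}")
    jar.extract_cookies(FakeResponse(set_cookie), first)

    follow_up = urllib.request.Request(f"{scheme}://{HOST}{URL_PATH}")
    jar.add_cookie_header(follow_up)         # applies the Secure-attribute rule
    return follow_up.get_header("Cookie")


if __name__ == "__main__":
    for label, cookie in (("Secure", SECURE_COOKIE), ("no Secure", PLAIN_COOKIE)):
        for scheme in ("https", "http"):
            sent = cookie_header_sent(cookie, scheme)
            print(f"{label:10s} over {scheme:5s} -> Cookie: {sent}")
```

The plain-HTTP request with the Secure cookie carries no Cookie header at all, so the server sees a visitor with no session, which matches the lost token described in the quoted message.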