Yes, of course!
Hmm, under a scenario where someone's opening multiple forms at the
same time (e.g. opening edit forms for multiple blog posts and moving
text around before saving any), you'd actually want instance-specific
tokens, right? (I'm not going to worry about that case for now, but I
could see it being an issue, right?)
On May 30, 8:45 pm, Jason Macgowan <jasonmacgo...@gmail.com> wrote:
> Ah..I didn't read your code thoroughly enough.
>
> Alas, I have found the problem though:
>
> t_globals['csrf_token'] = csrf_token is only run once (when you run
> blog.py) while your csrf_protect decorator is run at every request.
> This may not be the BEST solution, but changing the GET request in the
> New class to reassign t_globals for each request made it work for me:
>
> class New:
>     # ...
>     def GET(self):
>         t_globals['csrf_token'] = csrf_token()
>         form = self.form()
>         return render.new(form)
>     #...
>
> On Wed, May 30, 2012 at 8:25 PM, Bill Seitz <flux...@gmail.com> wrote:
> > Is the cookbook wrong about the workaround? http://webpy.org/cookbook/session_with_reloader
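
The multiple-open-forms case raised at the top of this message, as an added sketch that is not part of the thread or of web.py: every rendered form gets its own single-use token, issued per GET rather than once at startup. `FormTokens`, `issue`, `consume` and the `csrf_tokens` key are hypothetical names, and a plain dict stands in for the web.py session object.

```python
import hmac
import secrets


class FormTokens:
    """Per-form CSRF tokens kept in a session-like mapping (assumed stand-in)."""

    def __init__(self, session, max_tokens=16):
        self.session = session
        self.max_tokens = max_tokens

    def issue(self):
        """Call on every GET that renders a form, never once at import time."""
        tokens = self.session.setdefault("csrf_tokens", [])
        token = secrets.token_hex(16)
        tokens.append(token)
        # Keep only the newest tokens so abandoned forms cannot grow the session.
        del tokens[:-self.max_tokens]
        return token

    def consume(self, submitted):
        """Call on POST: a token is accepted once, and only in its own session."""
        if not submitted:
            return False
        tokens = self.session.get("csrf_tokens", [])
        for stored in tokens:
            # Constant-time comparison of each stored token with the submitted one.
            if hmac.compare_digest(stored.encode(), submitted.encode()):
                tokens.remove(stored)
                return True
        return False


def demo():
    session = {}                      # constructed: one user's session
    forms = FormTokens(session)
    edit_a = forms.issue()            # edit form for post A opened
    edit_b = forms.issue()            # edit form for post B opened before A is saved
    foreign = FormTokens({}).issue()  # token issued in a different session
    return {
        "b_first": forms.consume(edit_b),    # forms may be saved in any order
        "a_second": forms.consume(edit_a),
        "replay_a": forms.consume(edit_a),   # resubmitting the same token fails
        "missing": forms.consume(None),
        "foreign": forms.consume(foreign),
    }


if __name__ == "__main__":
    print(demo())
```

In a handler like the `New` class quoted above, `issue()` would be called in `GET` and `consume()` in `POST`.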