web2py：Complete Reference Manual, 6th Edition

Table of Contents

• 00 Preface
• 01 Introduction
• 02 The Python language
• 03 Overview
• 04 The core
• 05 The views
• 06 The database abstraction layer
• 07 Forms and validators
• 08 Emails and SMS
• 09 Access Control
• 10 Services
• 11 jQuery and Ajax
• 12 Components and plugins
• 13 Deployment recipes
• 14 Other recipes
• 15 Helping web2py
  

I believe that the ability to easily build high quality web applications is of critical importance for the growth of a free and open society. This prevents the biggest players from monopolizing the flow of information.

Hence I started the web2py project in 2007, primarily as a teaching tool with the goal of making web development easier, faster, and more secure. Over time, it has managed to win the affection of thousands of knowledgeable users and hundreds of developers. Our collective effort has created one of the most full-featured Open Source Web Frameworks for enterprise web development.

As a result, in 2011, web2py won the Bossie Award for best Open Source Development Software, and in 2012 it won the Technology of the Year award from InfoWorld.

As you will learn in the following pages, web2py tries to lower the barrier of entry to web development by focusing on three main goals:

Ease of use. This means reducing the learning and deployment time as well as development and maintenance costs. This is why web2py is a full-stack framework without dependencies. It requires no installation and has no configuration files. Everything works out of the box, including a web server, database and a web-based IDE that gives access to all the main features. The API includes just 12 core objects, which are easy to work with and memorize. It can interoperate with most web servers, databases and all Python libraries.

Rapid development. Every function of web2py has a default behavior (which can be overridden). For example, as soon as you have specified your data models, you will have access to a web-based database administration panel. Also, web2py automatically generates forms for your data and it allows you to easily expose the data in HTML, XML, JSON, RSS, etc. web2py provides some high level widgets such as the wiki and the grid to rapidly build complex applications.

Security. The web2py Database Abstraction Layer (DAL) eliminates SQL Injections. The template language prevents Cross Site Scripting vulnerabilities. The forms generated by web2py provide field validation and block Cross Site Request Forgeries. Passwords are always stored hashed. Sessions are stored server-side by default to prevent Cookie Tampering. Session cookies are UUID to prevent Session Hijacking.

web2py is built from the user perspective and is constantly being optimized internally to become faster and leaner, whilst always maintainingbackwards compatibility.

web2py provides its users with the generous freedoms of the LGPL open source licence. If you benefit from it, I hope you will feel encouraged to pay it forward by contributing back to society in whatever form you choose.

1. Cookies
   
2. web2py uses the Python cookies modules for handling cookies.
   
3. 
   
4. Cookies from the browser are in request.cookies and cookies sent by the server are in response.cookies.
   
5. 
   
6. You can set a cookie as follows:
   
7. 
   
8. response.cookies['mycookie'] = 'somevalue'
   
9. response.cookies['mycookie']['expires'] = 24 * 3600
   
10. response.cookies['mycookie']['path'] = '/'
    
11. The second line tells the browser to keep the cookie for 24 hours. The third line tells the browser to send the cookie back to any application (URL path) at the current domain. Note, if you do not specify a path for the cookie, the browser will assume the path of the URL that was requested, so the cookie will only be returned to the server when that same URL path is requested.
    
12. 
    
13. The cookie can be made secure with:
    
14. 
    
15. response.cookies['mycookie']['secure'] = True
    
16. This tells the browser only to send the cookie back over HTTPS and not over HTTP.
    
17. 
    
18. The cookie can be retrieved with:
    
19. 
    
20. if request.cookies.has_key('mycookie'):
    
21.     value = request.cookies['mycookie'].value
    
22. Unless sessions are disabled, web2py, under the hood, sets the following cookie and uses it to handle sessions:
    
23. 
    
24. response.cookies[response.session_id_name] = response.session_id
    
25. response.cookies[response.session_id_name]['path'] = "/"
    
26. Note, if a single application includes multiple subdomains, and you want to share the session across those subdomains (e.g., sub1.yourdomain.com, sub2.yourdomain.com, etc.), you must explicitly set the domain of the session cookie as follows:
    
27. 
    
28. if not request.env.remote_addr in ['127.0.0.1', 'localhost']:
    
29.     response.cookies[response.session_id_name]['domain'] = ".yourdomain.com"
    
30. The above can be useful if, for example, you want to allow the user to remain logged in across subdomains.

复制代码