On Mon, Apr 7, 2008 at 11:28 AM, Malcolm Tredinnick <
[EMAIL PROTECTED]> wrote:
> Realise that I am in agreement with you that logout (and possibly login,
> I haven't worked through the implications there) should be changed to
> clear the session by default. There's no strong reason not to do that,
> since the session is over when logout is called.
(ignoring the new thread thing since i'm sure i'll miss it later)
Clearing at login-time I'm not at all sure about... reason is that data that
is 'anonymous' data can be transferred from a session into a user account
when they login for lots of sensible uses.
Simple example: a ShoppingCart model that can be related to either a user or
a session, allowing an anonymous user to shop and only login when they head
to the checkout, at which point the cart is transferred from the session to
the user.
Other uses could include preferences, personalisation ("looked at"), A-B
testing, ...
Rob :)
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Django developers" group.
To post to this group, send email to django-developers@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at
http://groups.google.com/group/django-developers?hl=en
-~----------~----~----~----~------~----~------~--~---
