On Fri, Sep 25, 2009 at 1:18 AM, Simon Willison <[email protected]> wrote: > > As mentioned in the thread about cookie-based notifications, at the > DjangoCon Sprints I raised the subject of adding signing (and signed > cookies) to Django core. > > I've found myself using signing more and more over time, and I think > it's a concept which is common enough to deserve inclusion in Django - > if anything, its use should be actively encouraged by the framework.
Put me down as +1 in favor of adding support for signed cookies in some form. As for the exact form that the API will take - I don't have any particularly strong opinions at this point, and there are plenty of big brains weighing in, so I will stay out of the discussion and let the community evolve the idea. By way of greasing the wheels towards trunk: if the outcome of this mailing list thread was a wiki page that digested all the ideas, concerns and issues into a single page, it will make the final approval process much easier. Luke Plant's wiki page on the proposed CSRF changes [1] is a good model to follow here - I wasn't involved in the early stages of that discussion, but thanks to that wiki page, I was able to come up to speed very quickly and see why certain ideas were rejected. [1] http://code.djangoproject.com/wiki/CsrfProtection Yours, Russ Magee %-) --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Django developers" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/django-developers?hl=en -~----------~----~----~----~------~----~------~--~---
