> There's no reason to not use JSON by default since it's adequate for > most cases where you need to store lightweight data client-side, since > it's most useful to use with FormWizard and such, where the fields are > easily serialized as strings. If it can't be a drop-in replacement to > the other session storage, just document it and offer a > PickleSignedSessionStorage, but don't push a possibly insecure > default.
The default is secure. If you don't disclose your secret key, you don't have a problem. JSON is considerably more verbose. Cookie space is limited. JSON doesn't support many of the data structures people store in sessions. There are many reasons to store data in sessions beyond FormWizard. It already isn't a drop-in replacement, since it has limitations the other ones don't have. -- You received this message because you are subscribed to the Google Groups "Django developers" group. To post to this group, send email to django-developers@googlegroups.com. To unsubscribe from this group, send email to django-developers+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/django-developers?hl=en.
