I talked with the OP [or someone who talks a _lot_ like the OP:)] on IRC about this issue before recommending they open a ticket... and aside from anything else discussed, since someone already saw fit to include an extended JSONEncoder class in core/serializers, why doesn't the session machinery re-use it?
All it does is add support for date, time, datetime and Decimal. And the answer is: there's no way for a matching Decoder to know when to decode any of these types, since there's no schema available. The only "simple" alternative that comes to mind is something like MsgPack, with a bunch of pre-defined Extension types. As far as the security benefits, I think Donald has nailed it -- no part of the system should base its security around relying on the integrity of any other part. -- Curtis -- You received this message because you are subscribed to the Google Groups "Django developers" group. To unsubscribe from this group and stop receiving emails from it, send an email to django-developers+unsubscr...@googlegroups.com. To post to this group, send email to django-developers@googlegroups.com. Visit this group at http://groups.google.com/group/django-developers. For more options, visit https://groups.google.com/groups/opt_out.
