On Dec 2, 4:14 pm, Damian <[EMAIL PROTECTED]> wrote:
> To answer your question Michael, I wanted something to store data
> that would not get sent back to the user (and hence could not be
> tampered with),
> but still be associated with their session, and that would expire
> automatically
> after some time.

session data is stored on the server, or in the case of a cookie based
session in an encrypted and signed string.  the end user does not have
access to either view or modify the contents of the session, so its
safe to do whatever your app needs with it.

if sessions didn't work this way, they'd be pretty much useless as you
couldn't even check them for a login token - the end user could have
placed it there !
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups 
"pylons-discuss" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at 
http://groups.google.com/group/pylons-discuss?hl=en
-~----------~----~----~----~------~----~------~--~---

Reply via email to