>I guess it would be possible to implement a custom >state-saving/state-restoring mechanism that encrypts the data using a >key stored in the user session.
... or use a converter that did the encryption/decryption ? >Why would the objects stored in the user session on the server be >serialized at all, unless webserver clustering is enabled? This is a good point and it probably explains the question I asked in a post that hit the list about 15 minutes ago. I was under the impression the value was serialized in both scenarios from past discussions I have had on the list. http://www.mail- archive.com/[email protected]/msg08176.html >That does lead to some pretty heavy memory management at the server end. What if it was serialized to disk Simon ;-) Dennis Byrne
