> > i.e. it is secure if the key *is* the data, rather than a key to the
> > data.
> Can you explain?  I do not see what you're getting at.
Consider how the tree-tag stores its 'session' data. Its impossible to
hijack a tree-tag session because the 'session' state is stored by the
client (in the URL) in full.

There are other differences between this type of session and the
CoreSessionTrackingProposal; but the advantages are not all one way.

Zope-Dev maillist  -  [EMAIL PROTECTED]
**  No cross posts or HTML encoding!  **
(Related lists - 
 http://lists.zope.org/mailman/listinfo/zope )

Reply via email to