> Are you suggesting that the session token should actually 
> store session
> data?

As an alternative SessionManager, it appears to have some advatanges that
others do not.

It is the only option (AFAIK) that avoids the session hijacking problem
without relying on security-through-obscurity (the problem you mentioned,
but its not one that gets me excited). 

Its also the only sensible option that lets you bookmark your place in a
session, and return to it much later (which interests me more).

>  Or are you just pointing out the difference between the
> implementation an implementation that meets the requirements 
> of sessions
> and an implementation adequate for things like the tree tag?

Isnt the tree tag an example of one Session use case? It smells alot like a
session to me.

Zope-Dev maillist  -  [EMAIL PROTECTED]
**  No cross posts or HTML encoding!  **
(Related lists - 
 http://lists.zope.org/mailman/listinfo/zope )

Reply via email to