> Are you suggesting that the session token should actually
> store session
> data?
As an alternative SessionManager, it appears to have some advatanges that
others do not.
It is the only option (AFAIK) that avoids the session hijacking problem
without relying on security-through-obscurity (the problem you mentioned,
but its not one that gets me excited).
Its also the only sensible option that lets you bookmark your place in a
session, and return to it much later (which interests me more).
> Or are you just pointing out the difference between the
> implementation an implementation that meets the requirements
> of sessions
> and an implementation adequate for things like the tree tag?
Isnt the tree tag an example of one Session use case? It smells alot like a
session to me.
_______________________________________________
Zope-Dev maillist - [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope-dev
** No cross posts or HTML encoding! **
(Related lists -
http://lists.zope.org/mailman/listinfo/zope-announce
http://lists.zope.org/mailman/listinfo/zope )