This means, that everything you set in the session dictionary is changeable through user code. Is there a good reason for this?
I think it would be nice if I could set secret things in the session, mainly authentication information. If i do this currently, any user code can change it, which isn't exactly safe.
REQUEST.SESSION['__ac_username'] = 'root'
def __guarded_setitem__(self, k, v): if k == '_': raise SomeThingOrAnotherError self.__setitem__(k, v)
Fixes that. Then you can only set it from protected code. Is there some reason why this is NOT a good idea?
Zope-Dev maillist - [EMAIL PROTECTED]
** No cross posts or HTML encoding! **
(Related lists - http://mail.zope.org/mailman/listinfo/zope-announce