[Zope-dev] Re: CoreSessionTracking proposal
Toby Dickenson
tdickenson@geminidataloggers.com
Tue, 3 Oct 2000 14:45:38 +0100
> Are you suggesting that the session token should actually
> store session
> data?
As an alternative SessionManager, it appears to have some advatanges that
others do not.
It is the only option (AFAIK) that avoids the session hijacking problem
without relying on security-through-obscurity (the problem you mentioned,
but its not one that gets me excited).
Its also the only sensible option that lets you bookmark your place in a
session, and return to it much later (which interests me more).
> Or are you just pointing out the difference between the
> implementation an implementation that meets the requirements
> of sessions
> and an implementation adequate for things like the tree tag?
Isnt the tree tag an example of one Session use case? It smells alot like a
session to me.