Sean Perry wrote: > magus wrote: > > Yes, but "cheapness" is only one of my concerns. I have two bigger > > concerns: > > > > 1. By limiting the external dependencies (i.e. the number of django > > modules I use) I will lower the risk of being hit by a bug that I don't > > control. > > 2. AFAICS the session is represented by a cookie, for me this is > > totally unnecessary since there will be no session. The webservice will > > have no server-side state to keep track of. Also, there's a lot of > > smart people out there and they keep on comming up with new and > > interesting ways to use session cookies (session hijacking, session > > fixation, etc.). > > > > if you never ask it to set a cookie, no cookie is ever created.
I believe you meant to say "if you never call login() no cookie is created". That is good to know for the future if I ever actually NEED the functionality that's available in contrib.auth :-) /M --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to django-users@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/django-users -~----------~----~----~----~------~----~------~--~---