> When the cookie is recovered, I simply decode, uncompress, thaw, check > the digest, and thaw the inner object.
It's really a good idea to do this even when the cookie is nothing but a session ID. A standard module for this like the one Jay mentioned would definitely be nice. > My strategy for document generation is to build a DOM tree and then > create the output by serializing the DOM to XML or HTML. So, it is > natural in this application to just set everything up before sending the > response. Since I usually structure my applications to do all the work and then pass some data to a template, they also follow this order. The main problem I see with sending some HTML before the work is complete is that if something goes wrong later on you have no way to send a nice error page out. I sometimes see people having this problem on sites I visit: I get an OK response and some HTML and then a second set of headers with an error code and it looks like garbage in a browser. - Perrin