On Tue, 16 Aug 2005 16:37:31 -0400, "Phillip J. Eby" <[EMAIL PROTECTED]> said: > At 01:14 PM 8/16/2005 -0700, Jonathan Ellis wrote: > >But there's a reason they're in such common use; it's a huge waste > >(particular for low-bandwidth clients) to store anything more than > >absolutely necessary in a cookie that the client sends repeatedly. Much > >more efficient to send "here's my token" which the server uses to > >retrieve the rest. > > I agree; and in fact until I saw Ian's status-message example, I've never > had need to store anything in a cookie except login credentials or an > identifier used to find application objects like a shopping cart. > > IOW, cookies are fundamentally for short strings. However, if your > session > data consists solely of short strings, or short-lived medium-size strings > (like a status message) then it works out nicely.
Sure, but given the choice between N short strings and one, one is better. :) > If you have session data other than short strings, then you should store > it > with your application data, since it's clearly data that's part of your > application. Still, it can be good to have a simple place to store non-permanent information. Is the potential for abuse worth it? Perhaps not. I also can't think of a time when I needed sessions in the past 5 or so years. -Jonathan _______________________________________________ Web-SIG mailing list Web-SIG@python.org Web SIG: http://www.python.org/sigs/web-sig Unsubscribe: http://mail.python.org/mailman/options/web-sig/archive%40mail-archive.com
