> > i.e. it is secure if the key *is* the data, rather than a key to the > > data. > > Can you explain? I do not see what you're getting at. Consider how the tree-tag stores its 'session' data. Its impossible to hijack a tree-tag session because the 'session' state is stored by the client (in the URL) in full. There are other differences between this type of session and the CoreSessionTrackingProposal; but the advantages are not all one way. _______________________________________________ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
- [Zope-dev] Re: CoreSessionTracking proposal gotcha
- Re: [Zope-dev] Re: CoreSessionTracking proposal Phillip J. Eby
- Re: [Zope-dev] Re: CoreSessionTracking proposal KevinL
- Re: [Zope-dev] Re: CoreSessionTracking proposal Anthony Baxter
- Re: [Zope-dev] Re: CoreSessionTracking proposal Toby Dickenson
- Re: [Zope-dev] Re: CoreSessionTracking proposal Chris McDonough
- RE: [Zope-dev] Re: CoreSessionTracking proposal Toby Dickenson
- Re: [Zope-dev] TreeTag as Sessions Example Chris Withers
- Re: [Zope-dev] Re: CoreSessionTracking proposal Chris McDonough
- [Zope-dev] TreeTag ;-) Chris Withers
- Re: [Zope-dev] TreeTag ;-) Chris McDonough
- Re: [Zope-dev] TreeTag ;-) Chris Withers
- Re: [Zope-dev] TreeTag ;-) Chris McDonough
- Re: [Zope-dev] Re: CoreSessionTracking proposal Anthony Baxter
- RE: [Zope-dev] Re: CoreSessionTracking proposal Toby Dickenson