These days I'd use the PAS with plone.session, which despite its name works fine without Plone.

https://pypi.python.org/pypi/plone.session

Stefan


On 09.02.2014, at 23:10, Jon Grange wrote:

Hello all
Returning to a zope 2 web application I built 5 or 6 years ago that now needs some updating. Is cookie crumbler over SSL still a good and proper way to secure a public facing website?

-- 
Stefan H. Holek