RE: [Zope] cookie problem
From: Martijn Pieters <mj@digicool.com>
Erm... you guys realize that you are opening a gaping security hole here?

You are right. An astronomical worm-hole. :)

Personally, I do the following things:
(1) I only use cookies that are encrypted.
(2) I avoid using serialization (pickle).

On point (1): why would anyone want to expose the recipe of their cookies? If you don't do that with real cookies, why would you do it with internet cookies? :)

On point (2): If it is pure data, don't pickle it. Don't be lazy. Write an output format for it. You'll be glad, because you will be able to handle the data from something other than Python.

If it is really necessary to keep track of large objects, it's better to store and retrieve them on the server side. I remember someone wrote a How-to on this: http://www.zope.org/Members/gaaros/localcookies

Hung Jung
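The two points above (a plain data format instead of pickle, and large state kept on the server behind an opaque identifier) in working form. This is an added example, not code from the thread, from Zope or from any of the products mentioned. It uses JSON with an HMAC-SHA256 tag so the server can detect a modified cookie; that is integrity protection rather than the encryption Hung Jung mentions, and a deployment wanting confidentiality as well would wrap the body in an authenticated-encryption primitive. All names (sign_cookie, verify_cookie, ServerSideSessions, SECRET_KEY) are hypothetical, and the key and payloads are constructed for the example.

```python
import base64
import hashlib
import hmac
import json
import secrets
from typing import Any, Optional

# Constructed key for the example only; a real deployment loads a long
# random key from configuration, never from source.
SECRET_KEY = b"example-key-not-for-production"


def _b64encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def _b64decode(text: str) -> bytes:
    padding = "=" * (-len(text) % 4)
    return base64.urlsafe_b64decode(text + padding)


def sign_cookie(payload: dict, key: bytes = SECRET_KEY) -> str:
    """Serialize payload as JSON (plain data, readable from any language,
    unlike pickle) and append an HMAC-SHA256 tag over the encoded body."""
    encoded = json.dumps(payload, sort_keys=True, separators=(",", ":"))
    body = _b64encode(encoded.encode("utf-8"))
    tag = hmac.new(key, body.encode("ascii"), hashlib.sha256).hexdigest()
    return f"{body}.{tag}"


def verify_cookie(value: str, key: bytes = SECRET_KEY) -> Optional[dict]:
    """Return the payload if the tag verifies, otherwise None.
    The tag is checked in constant time before the body is parsed, and
    json.loads only ever produces plain data types, so a modified body is
    rejected instead of being interpreted."""
    body, sep, tag = value.rpartition(".")
    if not sep:
        return None
    expected = hmac.new(key, body.encode("ascii"), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, tag):
        return None
    try:
        data = json.loads(_b64decode(body))
    except (ValueError, UnicodeDecodeError):
        return None
    return data if isinstance(data, dict) else None


class ServerSideSessions:
    """Keep large or sensitive state on the server; the browser only holds
    an unguessable random identifier. An in-memory dict stands in for the
    persistent store a real product would use."""

    def __init__(self) -> None:
        self._store: dict[str, Any] = {}

    def create(self, data: Any) -> str:
        sid = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        self._store[sid] = data
        return sid

    def get(self, sid: str) -> Optional[Any]:
        return self._store.get(sid)

    def destroy(self, sid: str) -> None:
        self._store.pop(sid, None)


def demo() -> dict:
    """Exercise both mechanisms with constructed data."""
    cookie = sign_cookie({"user": "alice", "lang": "en"})
    ok = verify_cookie(cookie)

    # Replace the body but keep the original tag: verification must fail.
    _, _, tag = cookie.rpartition(".")
    forged_body = _b64encode(b'{"lang":"en","user":"admin"}')
    tampered = verify_cookie(f"{forged_body}.{tag}")

    # A large object never leaves the server; only the id is sent.
    sessions = ServerSideSessions()
    sid = sessions.create({"cart": list(range(1000))})
    return {
        "ok": ok,
        "tampered": tampered,
        "cart_len": len(sessions.get(sid)["cart"]),
        "unknown": sessions.get("no-such-session"),
    }


if __name__ == "__main__":
    print(demo())
```

verify_cookie returns None for any failure (missing separator, wrong key, altered body or tag, non-object JSON) rather than raising, so the caller treats every malformed cookie the same way: as an anonymous request.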
On Tue, 1 Feb 2000, Hung Jung Lu wrote:
If it is really necessary to keep track of large objects, it's better to store and retrieve them on the server side. I remember someone wrote a How-to on this: http://www.zope.org/Members/gaaros/localcookies
I suggest not to use localcookies anymore, as now there is a more complete product for server-side cookies called FSSession from the same URL. I will try to release an updated version of it which is going to be more in line with Anthony's SQLSession, for compatibility issues.

Regards,
Pavlos