[Zope-dev] Re: CoreSessionTracking proposal

Toby Dickenson tdickenson@geminidataloggers.com
Tue, 3 Oct 2000 12:24:22 +0100


> > i.e. it is secure if the key *is* the data, rather than a key to the
> > data.
> 
> Can you explain?  I do not see what you're getting at.
 
Consider how the tree-tag stores its 'session' data. It's impossible to
hijack a tree-tag session because the 'session' state is stored by the
client (in the URL) in full.

There are other differences between this type of session and the
CoreSessionTrackingProposal; but the advantages are not all one way.