Securing 'pickle'

Ben Finney bignose-hates-spam at and-zip-does-too.com.au
Fri Jul 11 03:06:05 CEST 2003


On Fri, 11 Jul 2003 13:20:48 +1200, David McNab wrote:
> I'm writing a web app framework which stores pickles in client
> cookies.

Sounds like a waste of bandwidth, in addition to the security concerns
you raise.

Why not store the pickles on the server, and set a session cookie to
refer to them?  That way, you only send a short session ID instead of
the whole pickle, and messing with the cookie doesn't alter the pickles.

(Mmm, all this talk of food...)

-- 
 \       "I don't know anything about music. In my line you don't have |
  `\                          to."  -- Elvis Aaron Presley (1935-1977) |
_o__)                                                                  |
http://bignose.squidly.org/ 9CFE12B0 791A4267 887F520C B7AC2E51 BD41714B
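
The server-side approach suggested in this reply, as an added example that is not part of the original post: the pickle stays on the server and the cookie carries only a random session ID, so a cookie value the server did not issue is never unpickled. The class name `ServerSideSessions` and the in-memory dict standing in for a real session store are assumptions made for illustration.

```python
import pickle
import secrets


class ServerSideSessions:
    """Hypothetical session store: pickles live server-side, cookie holds an ID."""

    def __init__(self):
        # session ID -> pickled bytes; stands in for a database or file store
        self._store = {}

    def create(self, state):
        """Pickle the state on the server and return the value for the cookie."""
        sid = secrets.token_urlsafe(32)  # unguessable, carries no data itself
        self._store[sid] = pickle.dumps(state)
        return sid

    def load(self, cookie_value):
        """Return the state for a cookie value, or None if it is unknown."""
        if not isinstance(cookie_value, str):
            return None
        blob = self._store.get(cookie_value)
        if blob is None:
            # Altered or forged cookie: nothing to look up, nothing unpickled.
            return None
        # Only bytes the server wrote itself ever reach pickle.loads().
        return pickle.loads(blob)

    def destroy(self, cookie_value):
        """Drop the session, e.g. on logout or expiry."""
        self._store.pop(cookie_value, None)


def demo():
    """Constructed sample state; returns (cookie length, pickle length)."""
    sessions = ServerSideSessions()
    state = {"user": "alice", "cart": list(range(100))}
    sid = sessions.create(state)
    assert sessions.load(sid) == state
    assert sessions.load(sid + "tampered") is None
    return len(sid), len(pickle.dumps(state))


if __name__ == "__main__":
    cookie_len, pickle_len = demo()
    print(f"cookie: {cookie_len} bytes, pickle kept on server: {pickle_len} bytes")
```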



