[mod_python] Documentation suggestions for section 4.7.1 in the beta mod_python manual

Michael S. Fischer michael at dynamine.net
Fri Nov 7 10:10:14 EST 2003


Hi Grisha,

I have some comments WRT section 4.7.1 in the 3.1.2b mod_python manual.

First, please explain to us why we need yet another cookie class, 
especially one that has the same name as the package that ships with 
Python ("Cookie").  I have to admit, though, that SignedCookie looks 
like a really nice convenience class.

Second, it's really important that you emphasize the security risks of 
using MarshalCookie; see the Python documentation for SerialCookie to 
see why.  Also, there are efficient-length considerations; constructing 
cookies representing 100kB data structures would not be "best practice."

--Michael



More information about the Mod_python mailing list