[mod_python] MarshalCookie vs. SignedCookie

Gregory (Grisha) Trubetskoy grisha at modpython.org
Sat Oct 30 19:53:11 EDT 2004

A SignedCooke signs the cookie with a cryptographic signature using HMAC, 
which makes it impossible for the client to change the value of it without 
it being evident.

A MarshalCookie marshals the value of the cookie, which allows cookies to 
be not just strings, but more complex Python objects, such as lists and 



On Sat, 30 Oct 2004, Robert Geller wrote:

> Hello all --
> Could somebody please explain the difference between a SignedCookie and
> a MarshalledCookie and the benefits of each? I don't really understand
> the explanation in the documentation, as both of them are signed using
> HMAC. It seems like you can put a value in for MarshalCookie and that
> will be encoded as well, whereas with SignedCookie it won't. Is this the
> only difference?
> Robert Geller
> robert at worksofmagic.com

More information about the Mod_python mailing list