I talked with the OP [or someone who talks a _lot_ like the OP:)] on IRC about this issue before recommending they open a ticket... and aside from anything else discussed, since someone already saw fit to include an extended JSONEncoder class in core/serializers, why doesn't the session machinery re-use it?
All it does is add support for date, time, datetime and Decimal. And the answer is: there's no way for a matching Decoder to know when to decode any of these types, since there's no schema available. The only "simple" alternative that comes to mind is something like MsgPack, with a bunch of pre-defined Extension types. As far as the security benefits, I think Donald has nailed it -- no part of the system should base its security around relying on the integrity of any other part. -- Curtis -- You received this message because you are subscribed to the Google Groups "Django developers" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at http://groups.google.com/group/django-developers. For more options, visit https://groups.google.com/groups/opt_out.
