As I read the documentation for SignedCookieSessionFactory, the data stored in the session is not encrypted. So storing a CSRF token in the session cookie is not a good option. Pyramid_beaker seems to have been deprecated with release 1.5, so which options are the best for a site with very few actions requiring CSRF and other session data? My first thought is to pickle the session data and store it in a blob in the user database, but if there is something simpler and/or more elegant available, I'd like to hear the alternatives.
