On Fri, Feb 3, 2017 at 6:37 PM, Jonathan Vanasco <[email protected]> wro > > > So I assume you defer creating a null session until it's used? >
Actually, no. Pretty much every page includes a CSRF token somewhere, and thus require a session. However these simple sessions are stored entirely in the session cookie, so no server-side storage is required. -- You received this message because you are subscribed to the Google Groups "pylons-discuss" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/pylons-discuss/CAM4%2Bx0Ho4C9XmHhZfOTqOygWJtz%3D-QeqdTrYOSx%2BQr27GJ-NuA%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
