Ah, good answer. That makes me sad bear, but fair enough.

On 3 Oct 2010, at 14:59, Yehuda Katz wrote:

> Unfortunately, this probably exists to support Flash file uploads, which can't pass cookies due to an ancient, still unfixed API bug.
> 
> Yehuda Katz
> Architect | Strobe
> (ph) 718.877.1325
> 
> 
> On Sun, Oct 3, 2010 at 10:03 AM, James Tucker <jftucker@gmail.com> wrote:
> There's an option in the sessions infrastructure to support sessions via params. It's untested anywhere except in the memcache session specs. I'd like to remove it as it's nothing but an optional security hole. I can't imagine anyone using this for anything sane, but I'm checking here in case I'm wrong.
>