Unfortunately, this probably exists to support Flash file uploads, which
can't pass cookies due to an ancient, still unfixed API bug.

Yehuda Katz
Architect | Strobe
(ph) 718.877.1325


On Sun, Oct 3, 2010 at 10:03 AM, James Tucker <jftucker@gmail.com> wrote:

> There's an option in the sessions infrastructure to support sessions via
> params. It's untested anywhere except in the memcache session specs. I'd
> like to remove it as it's nothing but an optional security hole. I can't
> imagine anyone using this for anything sane, but I'm checking here in case
> I'm wrong.