On Fri, Dec 18, 2015 at 10:55 AM, Török Edwin wrote: > > > > The library ships with an in-memory backend (for development and > testing) and a postgresql-ocaml[0] based backend. > > How about signed cookies as a storage backend? > Python Flask and Django can use it to store session entirely in the > cookies with an hmac signature and expiration time, so your server can be > entirely stateless. > As long as the amount of data in your session is small, and all you need > is authenticated data (and not secret data) I think its quite an elegant > solution, > and more fitting with a functional style. > This is interesting. As far as I can tell, it should be possible to implement this as a backend without any modifications to module signatures. Now of course comes the question Cryptokit or nocrypto :) That decision, for better or worse, has already been made by ocaml-session: it uses nocrypto to generate session keys. -Spiros E.