Wouldn't it be helpful to add the "Transient Object Container" to the SAFE_TYPES
? See plone.protect/auto.py at f2016f5d3b9d0ee071fa442cc5e818da760bb4fc · plone/plone.protect · GitHub
Or make an other case for the object at path /temporary_storage/session_data
? See here: plone.protect/auto.py at f2016f5d3b9d0ee071fa442cc5e818da760bb4fc · plone/plone.protect · GitHub
Or is it better in general to use a dedicated storage engine for that? For example I remember beaker.session
. Or what about a redis backend?
I understand that the session object is deprecated and should not be used but sometimes it would be really helpful to store some data not visible to or editable through the user. In our product we also could store the data in the user object itself. That could be a bit more comfortable between logins but also requires writing data to the main storage.