My opposition to sessions was at the xmlrpc layer. I'm fine with
sessions on the web side, and I believe we already do that to track
searches and do paging.
What I did not want to do is to keep track of sessions at the xmlrpc
layer. We have the xedit api that allows a user of the xmlrpc api to
make specific changes to objects instead of saving the whole object. I'd
much prefer to see the web interface use that instead.
I'm not a very good with django, I'd love to see a patch to fix this.
Yeah, there's a couple things I've been considering changing since
I've gotten much better at django since I originally rewrote the web
interface.
1) Move to wsgi - mod_python is dead
2) Get rid of the basic auth and use a form-based login
I may tackle this in the near future along with the object saving stuff.