Forum OpenACS Development: Re: Old message about signed form/ad_page_contract variables

What about signing forms/variables using a secret token tied to a session instead of a user? ecommerce ties critical forms to a session among other things. This suggestion wouldn't work when sessions change, but I'm not sure which cases those would be..