Considerations for some of the constraints and features that we're planning or facing in our implementations.
Should we make the Session object portable between Internet, Extranet and Intranet websites?
After some prototyping and philosophy, I came to realize that a portable Session object is fraught with perils and potential security exploits that could render one's reputation useless. This is just a thought as of June 26th 2020, after considering my recent prototyping work under atrak.io, where I converted the Session object into a more global (yet faceted) object. The goal was simple: to offer Intranet users pseudo-regular access to Extranet and Internet interfaces that they could be directly editing, still from the Intranet framework. But it does add some load to the processing of individual requests, and it forces us to use the same cryptographic tokens on the session object, decrypt them, and then analyse the appropriate parameters to determine whether that session is allowed access to the local script. (Although the whole decrypting step is done only once per request, the additional branching seems to take its toll on the response time for the extra include.)
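
One way to keep the faceted idea without sharing the same cryptographic token across all three sites, as an added sketch that is not code from atrak.io: each zone gets its own derived key, and a session is issued as one token per zone the user may reach. The names (`zone_key`, `issue_facets`, `authorize`), the token layout and the key are assumptions, and HMAC authentication stands in for the encryption described above because the Python standard library has no authenticated cipher.

```python
import base64, hashlib, hmac, json, time

# Constructed sample secret; each site would be provisioned with only its own
# derived key. Deriving all of them here keeps the example self-contained.
MASTER_KEY = b"constructed-demo-master-key"

def zone_key(zone):
    """Per-zone key: a key leaked from one site cannot mint sessions for another."""
    return hmac.new(MASTER_KEY, b"session-zone:" + zone.encode(), hashlib.sha256).digest()

def issue(user, zone, ttl=900, now=None):
    """Mint a token that is valid for exactly one zone (its audience)."""
    now = time.time() if now is None else now
    body = json.dumps({"sub": user, "aud": zone, "exp": int(now + ttl)}).encode()
    tag = hmac.new(zone_key(zone), body, hashlib.sha256).digest()
    enc = base64.urlsafe_b64encode
    return enc(body).decode() + "." + enc(tag).decode()

def issue_facets(user, allowed_zones, now=None):
    """One facet per zone the user may reach, instead of one portable session."""
    return {z: issue(user, z, now=now) for z in allowed_zones}

def authorize(token, local_zone, now=None):
    """Run once per request: authenticate the token, then check zone and expiry."""
    now = time.time() if now is None else now
    try:
        body_b64, tag_b64 = token.split(".")
        body = base64.urlsafe_b64decode(body_b64)
        tag = base64.urlsafe_b64decode(tag_b64)
    except ValueError:
        raise PermissionError("malformed token")
    expected = hmac.new(zone_key(local_zone), body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise PermissionError("token was not issued for this zone")
    claims = json.loads(body)  # parsed only after the tag has been verified
    if claims["aud"] != local_zone:
        raise PermissionError("audience mismatch")
    if claims["exp"] <= now:
        raise PermissionError("session expired")
    return claims
```

The per-request cost is one HMAC and one JSON parse, and a token replayed against a zone it was not issued for fails at the signature check before any claim is read.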