- From: M. Hedlund <hedlund@best.com>
- Date: Wed, 1 Nov 1995 13:40:19 -0700
- To: Beth Frank <efrank@ncsa.uiuc.edu>, http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com
At 2:06 PM 11/1/95, Beth Frank wrote (quoting Shel): >> The list looks pretty good to me, but I'd also like to see the following >> on it: >> >> - state management (for example, the state-info proposal by Dave Kristol) ><Rest of Shel's message cut> > >I'd like to second the addition of state management. Our initial development >plans for sessions (or state) included support of Netscape's cookie, however >I've been informed by someone who watches www-talk much more closely than I do, >that there is some debate over whether the Netscape implementation is the way >it should be handled. I certainly agree that state-info should be in there, and I _very_ strongly agree that Dave Kristol's proposal is a far superior implementation to cookies. Most of my complaints with the cookie proposal have to do with privacy, which has been discussed at length on www-talk. A number of cookie implementations have had serious privacy problems; and I have yet to see an implementation that gives the user any clue as to what the hell it's doing. Since Dave's proposal makes very reasonable efforts to reduce no-caching, and since the whole proposal makes session-munged URLs unnecessary, this issue falls well within the scope of Shel's closing statement: >I also think this group shouldn't do one more single thing until >all issues related to caching are completely nailed down. [Back to Beth:] >If the group can come to some agreement on how sessions and states should be >handled, we'll implement it (on the server side) early '96. That would be great. Any server supporting CGI can be made to use State-info through scripts, so if clients start recognizing it, the rest of the implementation can be done pretty quickly. M. Hedlund <hedlund@best.com>
Received on Wednesday, 1 November 1995 13:42:04 UTC