W3C home > Mailing lists > Public > ietf-http-wg-old@w3.org > September to December 1997

RE: REAUTHENTICATION REQUIRED

From: Paul Leach <paulle@microsoft.com>
Date: Mon, 24 Nov 1997 10:23:51 -0800
Message-Id: <5CEA8663F24DD111A96100805FFE658720378D@red-msg-51.dns.microsoft.com>
To: "'David W. Morris'" <dwm@xpasc.com>
Cc: 'http-wg' <http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com>, 'Jim Gettys' <jg@w3.org>, http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com
How about cookies? I've heard they are useful for tracking state... :-)

As I understand it:  cookie has a magic number in it. Magic number is index
into a table at the server. Table has timeout information.

> ----------
> From: 	David W. Morris[SMTP:dwm@xpasc.com]
> Sent: 	Monday, November 24, 1997 10:07 AM
> To: 	Paul Leach
> Cc: 	'http-wg'; 'Jim Gettys'; http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com
> Subject: 	RE: REAUTHENTICATION REQUIRED
> 
> My point is that the server HAS NO WAY to perform a timeout on its own
> without someform of state tracking.  By providing a timeout to the
> client, the server doesn't need to introduce some other form of
> state management.
> 
> On Mon, 24 Nov 1997, Paul Leach wrote:
> 
> > How the server does it's timeout is completely up to it, or more
> precisely,
> > up to the application that uses the server.
> > 
> > As far as I can tell, the people who want this have quite well formed
> ideas
> > as to how long the timeout should be, so we don't need to include
> > guidelines.
> > 
> > As to the second suggestion, which I'll call  "2xx Logout", I'm
> agnostic,
> > and await more WG feedback.
> 
Received on Monday, 24 November 1997 10:27:36 EST

This archive was generated by hypermail pre-2.1.9 : Wednesday, 24 September 2003 06:33:04 EDT