W3C home > Mailing lists > Public > ietf-http-wg@w3.org > July to September 2012

Re: Introducing a Session header...

From: Ross Nicoll <jrn@jrn.me.uk>
Date: Fri, 20 Jul 2012 16:13:53 +0100
Message-ID: <500975B1.6080209@jrn.me.uk>
To: Poul-Henning Kamp <phk@phk.freebsd.dk>
CC: ietf-http-wg@w3.org
Ah, sorry, had misintepreted the phrase session (I was thinking somewhat 
of the way Java servlets manage a user session). On that note though, 
probably worth thinking about an alternative header name... 
"Connection-Session" perhaps? Although I'm not sure that's much clearer, 
any other suggestions?

On 20/07/2012 13:51, Poul-Henning Kamp wrote:
> In message <500952FE.1020402@jrn.me.uk>, Ross Nicoll writes:
>> On 20/07/2012 13:35, Poul-Henning Kamp wrote:
>>> Ohh, that's the disconnect:  It should _never_ share the session-id
>>> with any other site, that's sort of the entire point.
>> We rather do want sites to share session IDs, actually, so we can do
>> easy single-sign-on.
> I'm all for single-sign-on, but they need to use a different nonce
> than the session-id I'm talking about.
>
> The session-id I'm talking about, are mainly for letting HTTP routers
> chose the same server for the entire sessions, without having to
> dig through cookies.
>
>
Received on Friday, 20 July 2012 15:14:19 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 20 July 2012 15:14:25 GMT