
Re: State | Re: Calls for Adoption -- Cookie-Related Specifications

From: Poul-Henning Kamp <phk@phk.freebsd.dk>
Date: Wed, 23 Dec 2015 23:10:19 +0000
To: Kari Hurtta <hurtta-ietf@elmme-mailer.org>, ietf-http-wg@w3.org
Message-ID: <51853.1450912219@critter.freebsd.dk>

In message <E1aBe0k-00010L-VL@maggie.w3.org>, Kari Hurtta writes:

>I notice that this however does not solve cookie problems.

It's really very simple:  Clients shouldn't even know cookies exist.

Clients should send a session-ID to the server.

The session-ID should be marked either anonymous
or persistent.

If it is anonymous, the client is never going to
reuse it after this session ends, so the server
need not bother storing anything permanently.

If it is persistent, the client will reuse the
same session identifier in the future, and
the server can use it as an index into server
side state storage facilities.

Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
phk@FreeBSD.ORG         | TCP/IP since RFC 956
FreeBSD committer       | BSD since 4.3-tahoe    
Never attribute to malice what can adequately be explained by incompetence.
Received on Wednesday, 23 December 2015 23:10:46 UTC
