W3C home > Mailing lists > Public > public-html-bugzilla@w3.org > October 2012

[Bug 16739] Should the format of Session ID be more strictly defined?

From: <bugzilla@jessica.w3.org>
Date: Mon, 29 Oct 2012 16:51:16 +0000
To: public-html-bugzilla@w3.org
Message-ID: <bug-16739-2486-PuV7eG1CD8@http.www.w3.org/Bugs/Public/>
https://www.w3.org/Bugs/Public/show_bug.cgi?id=16739

--- Comment #3 from Mark Watson <watsonm@netflix.com> ---
I believe the correct terms would be "browsing context" if secure proof of key
release is not supported or "origin" if it is.

Proposal: add the following text to Section 1.2.3:

"Each SessionID shall be unique within the browsing context in which it was
created. If secure proof of key release is supported each Session ID shall be
unique within the origin. Note that this last requirement implies that Session
IDs shall be unique over time including across browsing sessions."

-- 
You are receiving this mail because:
You are the QA Contact for the bug.
Received on Monday, 29 October 2012 16:51:17 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Monday, 29 October 2012 16:51:18 GMT