- From: Rohit Khare <khare@pest.w3.org>
- Date: Fri, 16 Feb 96 14:29:26 -0500
- To: www-logging@w3.org
There are several session-ID proposals floating around. Cookies, I think, are
a dubious way to handle user identification for the future.
One stab at it is:
>1) Session Identification
>
>Obviously, people today *are* able to do sessions with URL-munging,
>cookies, BASIC auth, etc. It's clear, though, that JEPI will strongly
>suggest a session-identifier to track the state of negotiation.
>
>Rohit presented the alternatives that have been developed,
>such as "MD5(secret|hostname), counter++". We can create pseudonyms,
>session counters, and so on. Originally, this was included in 3
>(demographic profiling).
>
>I think that we need some input from HTTP, the logging & measurement
>groups, and implementors. If we can solve the problem of
>discriminating 'user sessions' (such as multiple windows on a site),
>we should run with one of these solutions.
>
>Protocol Name: http://pep.w3.org/Session
>Parameters: {id MD5(client_secret | scheme://host:port)}
> {c integer++}
What's missing is a UI to 'scramble' the ID and come in without being
correlated to past or future visits.
Thoughts?
Rohit Khare
Received on Friday, 16 February 1996 14:28:07 UTC
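
The following is an added example, not part of the original message or of any W3C code: a sketch of the client side of the quoted Session parameters, including the 'scramble' control the message says is missing. The class, method names, the reading of "|" as a separator byte, the per-site replacement secret and the counter starting at 0 are all assumptions; MD5 is used only because the proposal names it.

```python
import hashlib
import secrets
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}


def origin_of(url):
    """Reduce a URL to scheme://host:port, the scope the id is bound to."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    port = parts.port or DEFAULT_PORTS[scheme]
    return f"{scheme}://{parts.hostname}:{port}"


def derive_id(client_secret, origin):
    """id = MD5(client_secret | origin); '|' is read as a separator byte (assumption)."""
    return hashlib.md5(client_secret + b"|" + origin.encode()).hexdigest()


class SessionClient:
    """Hypothetical client state; class and method names are not from the proposal."""

    def __init__(self, client_secret=None):
        self.client_secret = client_secret or secrets.token_bytes(16)
        self.site_secrets = {}  # origin -> replacement secret after a scramble
        self.counters = {}      # origin -> next value of 'c'

    def next_request(self, url):
        """Return the (id, c) pair to send with a request, then advance c."""
        origin = origin_of(url)
        secret = self.site_secrets.get(origin, self.client_secret)
        c = self.counters.get(origin, 0)
        self.counters[origin] = c + 1
        return derive_id(secret, origin), c

    def scramble(self, url):
        """The missing 'scramble' control: new secret for one site, counter reset."""
        origin = origin_of(url)
        self.site_secrets[origin] = secrets.token_bytes(16)
        self.counters[origin] = 0


if __name__ == "__main__":
    client = SessionClient(b"constructed-demo-secret")  # constructed sample value
    for u in ("http://example.org/a", "http://example.org/b", "http://example.net/"):
        print(u, client.next_request(u))
    client.scramble("http://example.org/")
    print("after scramble", client.next_request("http://example.org/a"))
```

Because the site name is hashed together with the client secret, two sites see unrelated ids for the same client, and scrambling one site leaves the ids sent to every other site unchanged.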