Re: 3 Proposals: session ID, business-card auth, customer auth

> ******* I. The Request-ID: header field:
> Each HTTP request should include a header field of the form:
>         Request-ID: $session $request++
> i.e.    Request-ID: 342%33a4d443 12
> 
> One might argue (in fact, one has argued: Hi Henrik!) that this is an
> extension of the From: field, and these data belong there.

Looks to me like it's the Message-ID field with a little bit of
meaning in the unique part of the ID: a request count.

The relevant RFC is 850, which says:

   In order to conform to RFC 822, the Message-ID must have the format
     "<" "unique" "@" "full domain name" ">"

   where "full domain name" is the full name of the host at which the
   article entered the network, including a domain that host is in, and
   unique is any string of printing ASCII characters, not including " ",
   or "@". For example, the "unique" part could be an integer representing
   a sequence number for articles submitted to the network, or a short
   string derived from the date and time the article was created. For
   example, valid message ID for an article submitted from site ucbvax in
   domain Berkeley.ARPA would be " ".

We could add a layer on this for HTTP messages: that "unique" be
broken up into two parts by some token (say "."), making it
"request.other". "Request" is the request counter, "other" is a unique
string provided by the browser.

	<mike

Received on Tuesday, 18 July 1995 13:20:53 UTC