W3C home > Mailing lists > Public > www-talk@w3.org > July to August 1995

Re: Session-Id

From: John Franks <john@math.nwu.edu>
Date: Mon, 24 Jul 1995 10:33:23 -0500
Message-Id: <199507241533.KAA08217@hopf.math.nwu.edu>
To: www-talk@w3.org

In article <199507241015.MAA06204@wswiop05.win.tue.nl>, Koen Holtman writes:
> However, the redirection (3xx) feature in HTTP would allow cooperating
> service providers to obtain (session-id for server a.com,session-id
> for server b.com) pairs where both are known (with 100% accuracy) to
> originate from the same user agent.

Can you explain this?  I don't understand how redirection affects
these issues.  For example, under the Netscape scheme, if server a.com
issues a redirect to server b.com the client does an entirely new
request to the new server, without any session-id if b.com is not
equal to a.com.  Under the Netscape proposal, however, the cookie can
be shared between host a.x.com and b.x.com.  It cannot be shared
between a.x.com and *.y.com.  (This is according to the spec -- I
don't know how it is currently implemented).


John Franks 	Dept of Math. Northwestern University
Received on Monday, 24 July 1995 11:33:13 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 21:32:57 UTC