W3C home > Mailing lists > Public > www-talk@w3.org > July to August 1995

Re: Session-Id

From: Mike Meyer <mwm@contessa.phone.net>
Date: Tue, 25 Jul 95 14:55:40 PST
Message-Id: <19950725.7840400.DA9E@contessa.phone.net>
To: www-talk@w3.org
> I'm confused.  Do you mean to say you want session-id renegotiation by
> the client for the case that two servers want to push the same
> session-id value on the client?
	
No - I'm just uncomfortable allowing the server to specify the session
id, even if the client only uses it for that server. The renegotiation
is trivial (just send the ID you generated), and a client doesn't need
to implement it. Do you think the renegotiation shouldn't be there at
all?

> I still think that with `one server only' restrictions, both client
> generated and server generated have exactly the same privacy problems.

Now I'm confused. I think you're objecting to having a renegotation,
but what your'e proposing - `one server only' - would require that for
server-generated id's anyway.

	<mike
Received on Tuesday, 25 July 1995 18:02:54 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Wednesday, 27 October 2010 18:14:18 GMT