W3C home > Mailing lists > Public > www-talk@w3.org > July to August 1995

Re: Client <-> Server-generated Session IDs

From: Terje Norderhaug <Norderhaug.CHI@xerox.com>
Date: Thu, 27 Jul 1995 10:36:32 -0800
Message-Id: <ac3d89bc020210049ccf@[130.191.70.106]>
To: rep@iexist.att.com, www-talk@w3.org
At 8:10 AM 7/27/95, rep@iexist.att.com wrote:
>I must be missing something because I don't see the connection between
>privacy and the client vs. server generation of a Session ID.[...]
>As long as our clients allow us to configure them not to send
>REMOTE_USER and REMOTE_IDENT, the server won't really know who we are, will
>they?

At some point in time you might find yourself filling out personal
information in a form. With session ids accross servers it become possible
to trace your excact steps on the web by merging the entries with the same
id in the logfiles from the various services. Even more so if the id is
kept between sessions.

-- Terje <Norderhaug.CHI@Xerox.com>
   <URL:http://www.ifi.uio.no/~terjen/>
Received on Thursday, 27 July 1995 13:35:25 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Wednesday, 27 October 2010 18:14:18 GMT