- From: Dmitry Mishin <ptitz@dux.ru>
- Date: Thu, 27 Apr 1995 17:39:07 +0400 (MSD)
- To: www-talk@www10.w3.org
> > I don't think HTTP, with or without cookies, will ever be suitable for > electronic shopping. In the physical world, products are scarce, and > when one customer puts it in his basket, nobody else can get it > anymore. You need not just a stateful protocol, but a permanent > connection: if the customer leaves the shop without paying, then you > can put the product back on the shelf. A magic cookie is like an > indefinite claim: if the customer is allowed to take it home with him, > you'll never know if he's planning to buy it eventually or not. I think timeouts, when client have timeout error and need to repeat operation, while server successfully complete this, is more dangerous. Formally one can use session-id or cookie for ignoring same operation from same client, but such protocol seems too weak for operations with money or something similar. D.
Received on Thursday, 27 April 1995 09:39:56 UTC