
Re: Session tracking

From: Gary Adams - Sun Microsystems Labs BOS <gra@labboot.east.sun.com>
Date: Mon, 1 May 1995 08:02:40 +0500
Message-Id: <9505011202.AA05125@labboot.East.Sun.COM>
To: nazgul@utopia.com, www-talk@www10.w3.org
> Date: Sat, 29 Apr 1995 15:13:26 +0500
> From: nazgul@utopia.com (Kee Hinckley)
> Subject: Re: Session tracking
...
> 
> It does seem to me that the magic-cookie design is very closely tied to
> existing password systems, and in that respect I think it's worth
> considering whether the two mechanisms might be tied together more tightly
> (a user password system with expirations makes perfect sense, for
> instance). I haven't delved into that side of the protocol enough to say
> any more.

This is a very good point, that some of the "identifiers" (session, cookie,
whatever) should have a similar life cycle as security credentials (where
passwds are a valid instance of server side authentication).

> 
> Shopping carts embedded in ids is a cute hack, but it's a red herring. The
> real goal in my mind is to find a way to identify a user without requiring
> them to carry a separate ID for every store they walk into.

It seems to me that a "user centric" view of the web would call for
client side generation of the credentials, that could be reused
at many different storefront businesses, i.e. shopping at a mall
rather than a department store for one stop shopping.
Received on Monday, 1 May 1995 08:05:10 UTC
