- From: John Franks <john@math.nwu.edu>
- Date: Fri, 21 Jul 1995 11:09:51 -0500 (CDT)
- To: koen@win.tue.nl (Koen Holtman)
- Cc: john@math.nwu.edu, www-talk@w3.org
According to Koen Holtman: > John Franks: > >3. Server initiated session-ids have strictly greater generality. > >In particular, if you *really want* a server side data base you > >can have it using the server supplied cookie as a key. > > They have no greater generality at all as far as I know. Could you > give an example? > Everything which can be done with client-initiated session-ids can be done with server initiated session-ids. The server can issue a random number as session-id and treat it as if it were issued by the client. The reverse is not true. There is no way to do any client-side data bases (like the Netscape implementation of shopping baskets) with server initiated session-ids. Similar functionality might be achieved with a server-side data base, but not as cleanly (the server has no way of knowing when the session ends). In any case, the possible *implementations* with server initiated are strictly more general. You can argue that client initiated session-id is easier to implement in the client, but the only existing implementation in a client (of which I am aware) is server-side initiated. John Franks
Received on Friday, 21 July 1995 12:12:07 UTC