Re: Revised Charter

M. Hedlund wrote:
> At 2:06 PM 11/1/95, Beth Frank wrote (quoting Shel):
> >> The list looks pretty good to me, but I'd also like to see the following
> >> on it:
> >>
> >> - state management  (for example, the state-info proposal by Dave Kristol)
> ><Rest of Shel's message cut>
> >
> >I'd like to second the addition of state management.  Our initial development
> >plans for sessions (or state) included support of Netscape's cookie, however
> >I've been informed by someone who watches www-talk much more closely than I do,
> >that there is some debate over whether the Netscape implementation is the way
> >it should be handled.
> I certainly agree that state-info should be in there, and I _very_ strongly
> agree that Dave Kristol's proposal is a far superior implementation to
> cookies.  Most of my complaints with the cookie proposal have to do with
> privacy, which has been discussed at length on www-talk.  A number of
> cookie implementations have had serious privacy problems; and I have yet to
> see an implementation that gives the user any clue as to what the hell it's
> doing.
> Since Dave's proposal makes very reasonable efforts to reduce no-caching,
> and since the whole proposal makes session-munged URLs unnecessary, this
> issue falls well within the scope of Shel's closing statement:

Dave's proposal does nothing to solve the privacy issues that
cookies bring up.  But it does significantly reduce the capibilities.
In fact, it reduces the capibilities such that it is nearly
unusable for large scale applications such as online shopping.
A simple session ID requires the server to hold all the state
information.  This leads to the need for large database lookup's
and distributed database problems.

Lou Montulli       
       Netscape Communications Corp.

Received on Wednesday, 1 November 1995 14:29:05 UTC