- From: Paul Leach <paulle@microsoft.com>
- Date: Mon, 24 Nov 1997 10:23:51 -0800
- To: "'David W. Morris'" <dwm@xpasc.com>
- Cc: 'http-wg' <http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com>, 'Jim Gettys' <jg@w3.org>, http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com
How about cookies? I've heard they are useful for tracking state... :-) As I understand it: cookie has a magic number in it. Magic number is index into a table at the server. Table has timeout information. > ---------- > From: David W. Morris[SMTP:dwm@xpasc.com] > Sent: Monday, November 24, 1997 10:07 AM > To: Paul Leach > Cc: 'http-wg'; 'Jim Gettys'; http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com > Subject: RE: REAUTHENTICATION REQUIRED > > My point is that the server HAS NO WAY to perform a timeout on its own > without someform of state tracking. By providing a timeout to the > client, the server doesn't need to introduce some other form of > state management. > > On Mon, 24 Nov 1997, Paul Leach wrote: > > > How the server does it's timeout is completely up to it, or more > precisely, > > up to the application that uses the server. > > > > As far as I can tell, the people who want this have quite well formed > ideas > > as to how long the timeout should be, so we don't need to include > > guidelines. > > > > As to the second suggestion, which I'll call "2xx Logout", I'm > agnostic, > > and await more WG feedback. >
Received on Monday, 24 November 1997 10:27:36 UTC