- From: Martin J. Dürst <duerst@it.aoyama.ac.jp>
- Date: Wed, 18 Jul 2012 10:16:13 +0900
- To: Ross Nicoll <jrn@jrn.me.uk>
- CC: James M Snell <jasnell@gmail.com>, ietf-http-wg@w3.org
On 2012/07/18 8:08, Ross Nicoll wrote: > I'd also be tempted to tighten the definition of a session identifier, to be > a UUID. This may make backwards compatibility trickier, but I think would > encourage use of difficult to guess identifiers by developers who may > otherwise simply hand out sequence numbers, without knowing better. Yes. Or simply stick the cookie dough into the Session header :-(. Regards, Martin.
Received on Wednesday, 18 July 2012 01:16:47 UTC