Re: Introducing a Session header...

In message <DA91A72D-BD1E-4E7F-9C7C-5DC0DFD6C000@acm.org>, Philippe Mougin writ
es:

>- HTTP was designed with the idea that there is no application state 
>(i.e., session state) stored on the server. This provides a number of 
>architectural benefits.

That might have been the idea, but it is certainly not the (only)
practice today.

In fact, many appearantly server state-less sites, uses load-balancers
to direct the client to the same server all the time, in order to
benefit from database and VM caching of ... session-relevant state.

I think that HTTP/2.0 should serve all relevant contemporary and
future needs, and be less concerned about what ideas somebody had
or didn't have 20 years ago.

And after all, nobody is proposing that HTTP/2.0 make the server
state-less model impossible to implement.

I won't claim that the original idea could not have survived as the
sole model, but if so, cookies should have been killed as a concept
before it became the festing pile of state-poo they have become.

The fact the EU has felt it necessary to legislate what cookies can
contain and what they can be used for, should not be overlooked
here.  HTTP/2.0 can and will be scrutinized in Bxl for compliance
with EU privacy and cookie directives.  Being proactive might pay off.

-- 
Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
phk@FreeBSD.ORG         | TCP/IP since RFC 956
FreeBSD committer       | BSD since 4.3-tahoe    
Never attribute to malice what can adequately be explained by incompetence.

Received on Thursday, 19 July 2012 20:49:35 UTC