Re: Introducing a Session header...

In message <8d6b6668433e8aa7c67601ab9b0f485d.squirrel@arekh.dyndns.org>, "Nicolas Mailhot" writes:

>The problem if you do it this way is that:

>3. the user agent has no information if it should share the id with
>another site or not

Ohh, that's the disconnect:  It should _never_ share the session-id
with any other site, that's sort of the entire point.

As for how long the session lasts?

By default: Until user switches to another site, closes the
tab/window/computer or by other means makes the intention clear.

*unless* the user by positive action indicates to the user-agent
that she wants a persistent session to that site.

-- 
Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
phk@FreeBSD.ORG         | TCP/IP since RFC 956
FreeBSD committer       | BSD since 4.3-tahoe    
Never attribute to malice what can adequately be explained by incompetence.

Received on Friday, 20 July 2012 12:35:47 UTC