W3C home > Mailing lists > Public > ietf-http-wg@w3.org > July to September 2012

Re: Introducing a Session header...

From: Poul-Henning Kamp <phk@phk.freebsd.dk>
Date: Fri, 20 Jul 2012 12:35:23 +0000
To: "Nicolas Mailhot" <nicolas.mailhot@laposte.net>
cc: "Amos Jeffries" <squid3@treenet.co.nz>, "Willy Tarreau" <w@1wt.eu>, ietf-http-wg@w3.org
Message-ID: <22691.1342787723@critter.freebsd.dk>
In message <8d6b6668433e8aa7c67601ab9b0f485d.squirrel@arekh.dyndns.org>, "Nicol
as Mailhot" writes:

>The problem if you do it this way is that:

>3. the user agent has no information if it should share the id with
>another site or not

Ohh, that's the disconnect:  It should _never_ share the session-id
with any other site, that's sort of the entire point.

As for how long the session lasts ?

By default: Until user switches to another site, closes the
tab/window/computer or by other means makes the intention clear.

*unless* the user by positive action indicates to the user-agent
that she wants a persistent session to that site.

Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
phk@FreeBSD.ORG         | TCP/IP since RFC 956
FreeBSD committer       | BSD since 4.3-tahoe    
Never attribute to malice what can adequately be explained by incompetence.
Received on Friday, 20 July 2012 12:35:47 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 17:14:03 UTC