- From: Poul-Henning Kamp <phk@phk.freebsd.dk>
- Date: Fri, 20 Jul 2012 12:35:23 +0000
- To: "Nicolas Mailhot" <nicolas.mailhot@laposte.net>
- cc: "Amos Jeffries" <squid3@treenet.co.nz>, "Willy Tarreau" <w@1wt.eu>, ietf-http-wg@w3.org
In message <8d6b6668433e8aa7c67601ab9b0f485d.squirrel@arekh.dyndns.org>, "Nicol as Mailhot" writes: >The problem if you do it this way is that: >3. the user agent has no information if it should share the id with >another site or not Ohh, that's the disconnect: It should _never_ share the session-id with any other site, that's sort of the entire point. As for how long the session lasts ? By default: Until user switches to another site, closes the tab/window/computer or by other means makes the intention clear. *unless* the user by positive action indicates to the user-agent that she wants a persistent session to that site. -- Poul-Henning Kamp | UNIX since Zilog Zeus 3.20 phk@FreeBSD.ORG | TCP/IP since RFC 956 FreeBSD committer | BSD since 4.3-tahoe Never attribute to malice what can adequately be explained by incompetence.
Received on Friday, 20 July 2012 12:35:47 UTC