Re: Introducing a Session header...

Ah, sorry, had misintepreted the phrase session (I was thinking somewhat 
of the way Java servlets manage a user session). On that note though, 
probably worth thinking about an alternative header name... 
"Connection-Session" perhaps? Although I'm not sure that's much clearer, 
any other suggestions?

On 20/07/2012 13:51, Poul-Henning Kamp wrote:
> In message <>, Ross Nicoll writes:
>> On 20/07/2012 13:35, Poul-Henning Kamp wrote:
>>> Ohh, that's the disconnect:  It should _never_ share the session-id
>>> with any other site, that's sort of the entire point.
>> We rather do want sites to share session IDs, actually, so we can do
>> easy single-sign-on.
> I'm all for single-sign-on, but they need to use a different nonce
> than the session-id I'm talking about.
> The session-id I'm talking about, are mainly for letting HTTP routers
> chose the same server for the entire sessions, without having to
> dig through cookies.

Received on Friday, 20 July 2012 15:14:19 UTC