Re: Cookies, sessions, browser software from Jonathan Ballard on 2012-07-20 (ietf-http-wg@w3.org from July to September 2012)

From: Jonathan Ballard <dzonatas@gmail.com>
Date: Fri, 20 Jul 2012 09:52:09 -0700
To: Paul Frazee <pfrazee@gmail.com>
Cc: Ross Nicoll <jrn@jrn.me.uk>, "ietf-http-wg@w3.org" <ietf-http-wg@w3.org>
Message-ID: <CAAPAK-7bcjva7L0+_yVAeVsztoSX+5YTovMk9Pab3gqwV53DOg@mail.gmail.com>

The HTTP-proxy that acquires state becomes the agent, and that change in
state does not require VM specifications in the protocol.

On Friday, July 20, 2012, Paul Frazee wrote:

> > If session management is going to use headers, surely it needs to be
> defined
> > in the protocol, irrespective of whether the user agent or client-side
> > Javascript writes those headers.
>
> Header usage is certain; I'm wondering if we can just simplify the
> HTTP protocol and anticipate that each application can tailor their
> own protocol with a more specific behavior.
>
> > Beyond that, I don't think we can assume user agents will support
> Javascript
> > or any other sort of scripting
>
> Fair point; I don't know the scope of that issue. If that's not just
> an "old software" situation, then my suggestion doesn't hold.
>
> > and I fear that single pages that re-write
> > themselves are likely to be a nightmare in terms of accessibility (for
> > example for blind users). Certainly I'd much rather define sessions in a
> way
> > that the user agent can manage, and therefore can present options (such
> as
> > logout) in a way that makes sense given their user interface.
>
> Yeah, those are definitely problems with current implementations. I'm
> trying to watch the trend and assume that issues like that will
> eventually be sorted out, but maybe not.
>
>
> > On 20/07/2012 15:39, Paul Frazee wrote:
> >>
> >> On the issue of cookies-- is it possible that improving javascript
> >> features in browsers will ultimately solve the problem? For instance,
> >> the trend of one-page applications give a model in which requests are
> >> formed by the application's client software, allowing it to specify
> >> any session-identifying headers it needs. The model also helps with
> >> caching, as session-specific data can be requested in individual
> >> chunks, while application-environment data (the layout, common markup,
> >> etc) come separately (with more caching, since they apply more
> >> generally).
> >>
> >> If I'm understanding it correctly, I'd suggest that cookies & sessions
> >> be considered a client software issue, not a protocol issue.
> >>
> >
>
>

Received on Friday, 20 July 2012 16:52:36 UTC