- From: Nico Williams <nico@cryptonector.com>
- Date: Mon, 11 Feb 2013 09:24:34 -0600
- To: Poul-Henning Kamp <phk@phk.freebsd.dk>
- Cc: Zhong Yu <zhong.j.yu@gmail.com>, Julian Reschke <julian.reschke@gmx.de>, "Martin J. Dürst" <duerst@it.aoyama.ac.jp>, James M Snell <jasnell@gmail.com>, "ietf-http-wg@w3.org" <ietf-http-wg@w3.org>
On Mon, Feb 11, 2013 at 1:20 AM, Poul-Henning Kamp <phk@phk.freebsd.dk> wrote:
> I really don't see why it should be the client's problem to store
> the server's state.
>
> If somebody needs 8k of storage for each browser that visits their
> website, they can bloody well buy their own disks...

It's a common implementation pattern. I'm not ready to tell application implementors to stop doing this. It's not just the disk space, but also the need to fetch it and the need to distribute it across related servers. Using the client to do this has some benefits.

(Also, a note about small session IDs: they can't be so small as to be guessable. 32-bit session IDs would be a disaster. I think I'd not feel comfortable with session IDs smaller than 96 bits.)

Nico
--
Received on Monday, 11 February 2013 15:25:02 UTC