W3C home > Mailing lists > Public > ietf-http-wg@w3.org > July to September 2013

Re: HTTP router point-of-view concerns

From: Willy Tarreau <w@1wt.eu>
Date: Sat, 13 Jul 2013 19:32:22 +0200
To: Sam Pullara <spullara@gmail.com>
Cc: Poul-Henning Kamp <phk@phk.freebsd.dk>, Mark Nottingham <mnot@mnot.net>, James M Snell <jasnell@gmail.com>, Martin Thomson <martin.thomson@gmail.com>, Amos Jeffries <squid3@treenet.co.nz>, HTTP Working Group <ietf-http-wg@w3.org>
Message-ID: <20130713173222.GM32054@1wt.eu>
On Sat, Jul 13, 2013 at 09:49:42AM -0700, Sam Pullara wrote:
> This can be (and in many cases is already) solved at any web company big
> enough to need to solve it. I'm 100% in favor of using a client generated
> session identifier. This would dramatically simplify HTTP/2 in a real way.
> Cookies are from another era when building a server-side scalable session
> data store was difficult and expensive. I would argue that isn't the case
> anymore.

Until you are able to shrink the time it takes to synchronize two servers
at opposite sides of the world, you'll end up causing delays that are higher
than the average RTTs we're trying to get rid of. Not to mention the amount
of inter-DC traffic.

I'm sorry, but cookies are *not* evil. Some uses of cookies are evil. You
don't need to break the web just because of some improper usages. Otherwise
you can as well advocate against computers because computers are also used
to track people and retrieve a lot of information about them that is not
possible to collect by hand. That's simply non-sense.

We could possibly support very short cookies (eg: 16 bit). That should be
enough for most large deployments, and clearly not enough to track users.

But I want to insist that scalable state management is an important piece
of the net that we must not break just because it makes us feel better.

Willy
Received on Saturday, 13 July 2013 17:34:35 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 17:14:14 UTC