- From: Poul-Henning Kamp <phk@phk.freebsd.dk>
- Date: Wed, 23 Dec 2015 23:10:19 +0000
- To: Kari Hurtta <hurtta-ietf@elmme-mailer.org>, ietf-http-wg@w3.org
--------
In message <E1aBe0k-00010L-VL@maggie.w3.org>, Kari Hurtta writes:

>I notice that this however does not solve cookie problems.

It's really very simple:

Clients shouldn't even know cookies exist.

Clients should send a session-ID to the server.

The session-ID should be marked either anonymous or persistent.

If it is anonymous, the client is never going to reuse it after
this session ends, so the server need not bother to store anything
permanently.

If it is persistent, the client will reuse the same session identifier
in the future, and the server can use it as an index into server side
state storage facilities.

-- 
Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
phk@FreeBSD.ORG         | TCP/IP since RFC 956
FreeBSD committer       | BSD since 4.3-tahoe
Never attribute to malice what can adequately be explained by incompetence.
Received on Wednesday, 23 December 2015 23:10:46 UTC
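
Added example, not part of the original message and not taken from any HTTP specification: one way a server could act on the anonymous/persistent marking described above, keeping anonymous state in memory only and indexing durable state by persistent session-ID. The header syntax ("<token>; anonymous|persistent"), the 22-character minimum token length and the SessionState class are assumptions made for illustration.

```python
import re
import sqlite3

# Assumed wire format (hypothetical): "<token>; anonymous" or "<token>; persistent".
# Tokens are base64url, at least 22 characters (about 128 bits if chosen at random).
_HEADER = re.compile(r"([A-Za-z0-9_-]{22,128})\s*;\s*(anonymous|persistent)")

class SessionState:
    def __init__(self, db_path=":memory:"):
        self._ephemeral = {}                  # anonymous sessions: RAM only
        self._db = sqlite3.connect(db_path)   # persistent sessions: durable store
        self._db.execute(
            "CREATE TABLE IF NOT EXISTS state "
            "(sid TEXT, k TEXT, v TEXT, PRIMARY KEY (sid, k))")

    @staticmethod
    def parse(header):
        """Return (session_id, kind); reject anything malformed or too short."""
        m = _HEADER.fullmatch(header.strip())
        if not m:
            raise ValueError("malformed session header")
        return m.group(1), m.group(2)

    def put(self, header, key, value):
        sid, kind = self.parse(header)
        if kind == "anonymous":
            # Never written to disk: the client will not present this ID again.
            self._ephemeral.setdefault(sid, {})[key] = value
        else:
            self._db.execute("INSERT OR REPLACE INTO state VALUES (?, ?, ?)",
                             (sid, key, value))
            self._db.commit()

    def get(self, header, key):
        sid, kind = self.parse(header)
        if kind == "anonymous":
            return self._ephemeral.get(sid, {}).get(key)
        row = self._db.execute("SELECT v FROM state WHERE sid = ? AND k = ?",
                               (sid, key)).fetchone()
        return row[0] if row else None

    def end_session(self, header):
        """Drop anonymous state when the session ends; persistent state stays."""
        sid, kind = self.parse(header)
        if kind == "anonymous":
            self._ephemeral.pop(sid, None)
```

The two kinds live in separate stores, so presenting an anonymous token with the persistent marker (or the reverse) never reaches the other kind's state.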