- From: Poul-Henning Kamp <phk@phk.freebsd.dk>
- Date: Tue, 28 Aug 2018 06:15:55 +0000
- To: Rigo Wenning <rigo@w3.org>
- cc: Mike West <mkwst@google.com>, HTTP Working Group <ietf-http-wg@w3.org>, Stephen Farrell <stephen.farrell@cs.tcd.ie>, squid3@treenet.co.nz
--------
In message <1759921.cfu6vzEqSt@hegel>, Rigo Wenning writes:

>I think we should stick to the ID and purpose discussion. Because
>IMHO and AIAL, this will serve data protection/self determination
>the most. (Yes I deliberately did not use "privacy").

Having slept on it, I have come to the conclusion that nothing is
really gained by the client informing the server that a given
session ID is to be permanent or transient. Please forget that idea.

So just to make sure we are on the same page here:

* The session-ID lives and dies with a single "UX session"
  (i.e.: when the user moves to another site by means exterior to
  the shown content, bookmarks, type URL, close tab etc. the
  session-ID is thrown away.)

* A separate session-ID is used for each server contacted in
  a "UX session" (i.e.: www.example.com, img.example.com,
  example_com.cdn.com get three different session-IDs)

If so, I am not opposed to the server sending back a routing-ID
to be used for subsequent requests in the same "UX-session" and
to be thrown away with the session-ID.

--
Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
phk@FreeBSD.ORG         | TCP/IP since RFC 956
FreeBSD committer       | BSD since 4.3-tahoe
Never attribute to malice what can adequately be explained by incompetence.

Received on Tuesday, 28 August 2018 06:16:23 UTC