- From: Marc Hadley <Marc.Hadley@Sun.COM>
- Date: Thu, 03 Feb 2005 09:37:51 -0500
- To: Rich Salz <rsalz@datapower.com>
- Cc: "public-ws-async-tf@w3.org" <public-ws-async-tf@w3.org>

On Feb 2, 2005, at 10:30 PM, Rich Salz wrote:

>> Basically the request is sent as normal as the entity body
>> of a HTTP POST request but instead of returning the response in the
>> HTTP entity body, the server responds with a 303 (See other) status
>> code and includes a Location header that gives a URI from which the
>> response can be retrieved. The client then uses a new HTTP GET request
>> to retrieve the response.
>
> How can I be sure that the client doing the "new GET" is in fact the
> same as the first client who did the original POST?

I don't think you can be sure. You can generate a sufficiently unique URI for the redirect to ensure that clients won't stumble on each other's responses by mistake and you can use HTTPS to hide the redirects from snoopers.

Marc.

---
Marc Hadley <marc.hadley at sun.com>
Web Technologies and Standards, Sun Microsystems.

Received on Thursday, 3 February 2005 14:37:56 UTC
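
The POST / 303 / GET exchange discussed in this message, as an added example that is not part of the original email: a server-side store that parks the POST result under an unguessable URI and answers with 303 and a Location header. The path prefix, the lifetime and the single-use retrieval are assumptions of this example; as the reply says, possession of the URI is the only thing checked, so it does not establish that the GET comes from the client that sent the POST.

```python
import secrets
import time

RESPONSE_PATH = "/responses/"   # hypothetical path prefix, not from the thread
TTL_SECONDS = 300               # assumed lifetime for a pending response


class ResponseStore:
    """Holds POST results until they are fetched via the redirect URI."""

    def __init__(self, clock=time.monotonic):
        self._pending = {}      # token -> (expiry, response body)
        self._clock = clock

    def handle_post(self, request_body: bytes):
        """Process the request, park the response, answer 303 + Location."""
        response_body = b"processed:" + request_body   # stand-in for real work
        token = secrets.token_urlsafe(32)              # 256 bits from the OS CSPRNG
        self._pending[token] = (self._clock() + TTL_SECONDS, response_body)
        return 303, {"Location": RESPONSE_PATH + token}, b""

    def handle_get(self, path: str):
        """Return the parked response once; unknown or expired URIs get 404."""
        if not path.startswith(RESPONSE_PATH):
            return 404, {}, b""
        # pop() makes the URI single-use: a replayed or leaked URI finds nothing
        entry = self._pending.pop(path[len(RESPONSE_PATH):], None)
        if entry is None or entry[0] < self._clock():
            return 404, {}, b""
        return 200, {"Cache-Control": "no-store"}, entry[1]


if __name__ == "__main__":
    store = ResponseStore()
    status, headers, _ = store.handle_post(b"<order/>")   # constructed sample body
    print(status, headers["Location"])
    print(store.handle_get(headers["Location"]))   # first fetch succeeds
    print(store.handle_get(headers["Location"]))   # second fetch gets 404
```

The URI acts as a bearer secret, so it only stays private if both the POST and the GET travel over HTTPS and the URI is kept out of logs and caches.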