Re: Seiwald Q & A -- "GET for EDIT" cookies from Murray Maloney on 1996-08-30 (w3c-dist-auth@w3.org from July to September 1996)

From: Murray Maloney <murray@sq.com>
Date: Fri, 30 Aug 1996 12:03:39 -0400
To: Christopher Seiwald <seiwald@perforce.com>
Cc: murray@sq.com, seiwald@perforce.com, dgd@cs.bu.edu, ejw@ics.uci.edu, w3c-dist-auth@w3.org, www-vers-wg@ics.uci.edu
Message-Id: <2.2.32.19960830160339.006e8390@sq.com>

More questions below...

At 08:46 AM 30-08-96 -0700, Christopher Seiwald wrote:
>Much has floated around about this that I mean to answer, but for
>now Murray has posted the most straightforward inquiry.
>
>| From: Murray Maloney <murray@sq.com>
>| Subject: Re: Seiwald Q & A -- "GET for EDIT" cookies
>|
>| When a user "checks out" a document for editing,
>| the revision contrl system "should" record who it
>| is that is checking out the document so that when
>| the same user attempts to "check in" the document
>| there is a mechanism to say "Hey, remember me? I am
>| checking in the document that I previously checked out
>| for editing. Here it is." The RCS can verify that it is
>| the same user that is recorded and proceed, or reject
>| the action if it is not the same user.
>|
>
>Very close, except I'm not asserting that the revision control system
>_should_ record anything when a user starts to edit a document.  Instead,
>I say that there are many systems that _do_ record something, and that
>HTTP _should_ cart around a token ("or cookie" ) of this recorded
>information.

Right.  I quoted "should" to indicate that it was a goo idea,
not a requirement. The cookie, in this case, is like a certificate
that lets the user know that the transaction was completed and
that the document has officially been checked out.
>
>For something like RCS or CVS, the cookie might be only a name and rev
>of the document.  For Clearcase or Perforce, the cookie might be an
>inscrutable pointer to info in its database.  For less version-stringent
>systems, there may be no cookie at all.

I would think that the cookie should only contain the most 
basic of information, such as a pair of values to validate
the check out (an ID) and a record of the cookie that was issued.
The RCS could, at its discretion, maintain a database of the
pointer into the database etc.
>
>| Christopher is asserting that a "cookie" is the best,
>| if not the only, way to manage the session.
>
>Perhaps there is another way?

Certainly the document itself could carry information
along with it, in a META tag or on any tag that we can
legitimately propose. This would allow arbitrary 
authoring tools to have access to whatever information
the RCS provides -- without having to inspect any cookies
that might be associated with the document. I am including 
Notepad in my definition of arbitrary authoring tools.
For debugging purposes, I think that it will be useful
to carry info in the document. 

>
>Christopher
>
>
>
Murray Maloney                   "Life is a daring adventure,
Technical Director                or it is nothing" 
SoftQuad Inc                      -- Helen Keller

Received on Friday, 30 August 1996 12:07:13 UTC