- From: John Franks <john@math.nwu.edu>
- Date: Mon, 24 Jul 1995 10:33:23 -0500
- To: www-talk@w3.org
In article <199507241015.MAA06204@wswiop05.win.tue.nl>, Koen Holtman writes: > > However, the redirection (3xx) feature in HTTP would allow cooperating > service providers to obtain (session-id for server a.com,session-id > for server b.com) pairs where both are known (with 100% accuracy) to > originate from the same user agent. Can you explain this? I don't understand how redirection affects these issues. For example, under the Netscape scheme, if server a.com issues a redirect to server b.com the client does an entirely new request to the new server, without any session-id if b.com is not equal to a.com. Under the Netscape proposal, however, the cookie can be shared between host a.x.com and b.x.com. It cannot be shared between a.x.com and *.y.com. (This is according to the spec -- I don't know how it is currently implemented). -- John Franks Dept of Math. Northwestern University john@math.nwu.edu
Received on Monday, 24 July 1995 11:33:13 UTC