Re: session-id redux

Brian Behlendorf:
>Here's my attempt at a FAP (like an FAQ, but "Frequently Argued Points") 
>for this issue.  I apologize if I let biases cloud the sides, I'm only 
>1) Session-IDs are marketing fluff that provide no benefit to the user, 
>weight down the request, and are a threat to privacy.

You didn't mention the following Con, which IMO is the most important

  Session-id allows for a reliable and relatively straightforward
  implementation of what I call a `statefull dialog' between user and
  service, that is a dialog that extends beyond the submission of one
  form.  By allowing statefull dialogs, session-id will greatly increase
  the potential of the web as a two-way communications medium.

  Compared to this, the improvement possible through better clicktrail
  analysis by the marketing department is not very significant.

I have been thinking about writing a FAQ-like summary of the
session-id thread, and I think I'll go on writing it, because I feel
your summary does not address all points that need summarizing.

A number of issues have been clarified in this thread, and I feel
these clarifications need to be stored somewhere in an easy-to-access
way.  Else, we will have this whole thread again in August.

I don't know when I will finish writing my summary.  It will probably
be too long to post here, so I think I'll end up posing a pointer to


Received on Wednesday, 26 July 1995 07:39:35 UTC