Re: Session tracking

John Labovitz <johnl@ora.com> said:
  > dmk@allegra.att.com (Dave Kristol) said:
  > 
  > > 2) The client should (but need not, particularly to provide
  > > compatibility with existing clients) send a SessionID request header to
  > > a given host.  The header should be whatever SessionID header the
  > > client last got from that host, independent of the URLs requested.
  > 
  > Wouldn't it be an advantage to some kind of
  > 'realm' scheme as in Basic Authentication, so 
  > different parts of a server could have different
  > sessions?

While that might be useful, it would be much more complicated.  In
particular it would complicate what a proxy has to do.  (Wouldn't
a proxy cache need to know which URLs are in which 'realm' and
return a suitable SessionID?  What SessionID would that be?)

The server is certainly free to change the SessionID if a user moves
into a different 'realm', to use your term.

Dave Kristol

Received on Tuesday, 18 April 1995 19:15:00 UTC