W3C home > Mailing lists > Public > www-talk@w3.org > March to April 1995

Re: Session tracking

From: Dave Kristol <dmk@allegra.att.com>
Date: Tue, 18 Apr 95 15:22:46 EDT
Message-Id: <9504182007.AA26344@www10.w3.org>
To: johnl@ora.com
Cc: www-talk@www10.w3.org
John Labovitz <johnl@ora.com> said:
  > dmk@allegra.att.com (Dave Kristol) said:
  > 
  > > 2) The client should (but need not, particularly to provide
  > > compatibility with existing clients) send a SessionID request header to
  > > a given host.  The header should be whatever SessionID header the
  > > client last got from that host, independent of the URLs requested.
  > 
  > Wouldn't it be an advantage to some kind of
  > 'realm' scheme as in Basic Authentication, so 
  > different parts of a server could have different
  > sessions?

While that might be useful, it would be much more complicated.  In
particular it would complicate what a proxy has to do.  (Wouldn't
a proxy cache need to know which URLs are in which 'realm' and
return a suitable SessionID?  What SessionID would that be?)

The server is certainly free to change the SessionID if a user moves
into a different 'realm', to use your term.

Dave Kristol
Received on Tuesday, 18 April 1995 19:15:00 UTC

This archive was generated by hypermail 2.4.0 : Monday, 20 January 2020 16:08:16 UTC