- From: Dave Kristol <dmk@allegra.att.com>
- Date: Tue, 18 Apr 95 15:22:46 EDT
- To: johnl@ora.com
- Cc: www-talk@www10.w3.org
John Labovitz <johnl@ora.com> said: > dmk@allegra.att.com (Dave Kristol) said: > > > 2) The client should (but need not, particularly to provide > > compatibility with existing clients) send a SessionID request header to > > a given host. The header should be whatever SessionID header the > > client last got from that host, independent of the URLs requested. > > Wouldn't it be an advantage to some kind of > 'realm' scheme as in Basic Authentication, so > different parts of a server could have different > sessions? While that might be useful, it would be much more complicated. In particular it would complicate what a proxy has to do. (Wouldn't a proxy cache need to know which URLs are in which 'realm' and return a suitable SessionID? What SessionID would that be?) The server is certainly free to change the SessionID if a user moves into a different 'realm', to use your term. Dave Kristol
Received on Tuesday, 18 April 1995 19:15:00 UTC