- From: Paul Burchard <burchard@horizon.math.utah.edu>
- Date: Fri, 21 Apr 95 00:21:20 -0600
- To: montulli@netscape.com
- Cc: Multiple recipients of list <www-talk@www10.w3.org>
"Lou Montulli" <montulli@netscape.com> writes: > My proposal is meant to solve a much broader set of > problems than a simple session id. [...] One of it's more > useful applications is an online shopping basket. As I feared. A cookie hidden in the HTTP headers is not the way to implement this! Just think about it from the customer's point of view: With a real shopping basket, I can see at all times what I've collected so far. I can compare what's there with my budget, and with other competitive products that I come across. As a result of my comparisons, I can take products out at any time and put them back on the shelf. Your solution compares poorly with a cardboard box :-) Instead, like any client-side state, the shopping basket makes most sense as a document -- something the user can see and act upon. And like any association, the relationships tying various "vendor stalls" with the associated shopping basket should be established using links. So rather "solving" the problem by adding complicated statefulness to HTTP (a future nightmare, in my opinion), a better investment would be to think about how to rectify the Web's primitive model for linking and navigation of documents -- one of its key strategic weaknesses. P.S. I'm still in favor of a Session-ID proposed by Brian Behlendorf/Dave Kristol, which has the more modest purpose of allowing reliable (but not secure) identification of anonymous users. -------------------------------------------------------------------- Paul Burchard <burchard@math.utah.edu> ``I'm still learning how to count backwards from infinity...'' --------------------------------------------------------------------
Received on Friday, 21 April 1995 02:21:14 UTC