- From: Gary Adams - Sun Microsystems Labs BOS <gra@labboot.east.sun.com>
- Date: Mon, 1 May 1995 08:02:40 +0500
- To: nazgul@utopia.com, www-talk@www10.w3.org
> Date: Sat, 29 Apr 1995 15:13:26 +0500 > From: nazgul@utopia.com (Kee Hinckley) > Subject: Re: Session tracking ... > > It does seem to me that the magic-cookie design is very closely tied to > existing password systems, and in that respect I think it's worth > considering whether the two mechanisms might be tied together more tightly > (a user password system with expirations makes perfect sense, for > instance). I haven't delved into that side of the protocol enough to say > any more. This is a very good point, that some of the "identifiers" (session, cookie, whatever) should have a similar life cycle as security credentials (where passwds are a valid instance of server side authentication). > > Shopping carts embedded in ids is a cute hack, but it's a red herring. The > real goal in my mind is to find a way to identify a user without requiring > them to carry a separate ID for every store they walk into. It seems to me that a "user centric" view of the web would call for client side generation of the credentials, that could be reused at many different storefront businesses.i.e. shopping at a mall rather than a department store for one stop shopping.
Received on Monday, 1 May 1995 08:05:10 UTC