- From: Henrik Frystyk Nielsen <frystyk@w3.org>
- Date: Tue, 18 Jul 1995 09:01:00 -0400 (EDT)
- To: "Daniel W. Connolly" <connolly@beach.w3.org>
- Cc: Brian Behlendorf <brian@organic.com>, Terry Myerson <tmyerson@iserver.interse.com>, www-talk@w3.org
On Tue, 18 Jul 1995, Daniel W. Connolly wrote: > One might argue (in fact, one has argued: Hi Henrik!) that this is an > extension of the From: field, and these data belong there. I don't > believe so: if the From: field is present, it should contain a valid > email address of the requesting user (clearly the server cannot depend > on the authenticity of the From: field, but that doesn't mean we > should corrupt it further in the protocol spec). What I have pointed out is that a `random' number is merely an anonymous substitute for the From: field. It would be the same as allowing anything as a valid value in the From: field. As far as I recall, the definition of the field in 822 pretty much accepts anything as a valid address. However, this is just to clarify the meaning of a "session" ID (what ever a session is) - I don't intend to actually suggest the overload of the From: field. > Even though the session ID is random, there may be privacy concerns: > some folks leave their browser running for a long time, and this > mechanism might allow unwanted correlations to be observed. So perhaps > there should be a preference to turn this feature off. Then we are back to the From field ;-) Are there any experience about using the Referer: header to analyze user patterns? It is correct that it doesn't indicate discontinuous browsing (and have other limitations), but I would think that continous browsing is a goal so that users don't have to type in URLs (or even see them). > But I believe it is cost effective: just like the junk-mail > advertisements in your Visa bill envelope help reduce the annual > fee on that Visa card, providing extra information in requests > will allow information providers to increase their quality of service > by more accurately modelling the usage of their information. It would be unfortunate to send 'junk-mail' in HTTP - it is already very verbose, and round trips _are_ an important factor. The only advantage in my mind of using an ID instead of a Referer field is that it might in fact be shorter... -- Henrik Frystyk frystyk@W3.org World-Wide Web Consortium, Tel + 1 617 258 8143 MIT/LCS, NE43-356 Fax + 1 617 258 8682 77 Massachusetts Avenue Cambridge MA 02154, USA
Received on Tuesday, 18 July 1995 09:01:04 UTC