> 2) The client should (but need not, particularly to provide
> compatibility with existing clients) send a SessionID request header to
> a given host. The header should be whatever SessionID header the
> client last got from that host, independent of the URLs requested.
Wouldn't it be an advantage to some kind of
'realm' scheme as in Basic Authentication, so
different parts of a server could have different
sessions?
-- John Labovitz Technical Services Manager, Global Network Navigator <http://gnn.com/> O'Reilly & Associates, Sebastopol, California, USA (+1 707 829 0515)