Re: Session tracking

Dave Kristol ([email protected])
Tue, 18 Apr 1995 19:22:50 +0500


John Labovitz <[email protected]> said:
> [email protected] (Dave Kristol) said:
>
> > 2) The client should (but need not, particularly to provide
> > compatibility with existing clients) send a SessionID request header to
> > a given host. The header should be whatever SessionID header the
> > client last got from that host, independent of the URLs requested.
>
> Wouldn't it be an advantage to some kind of
> 'realm' scheme as in Basic Authentication, so
> different parts of a server could have different
> sessions?

While that might be useful, it would be much more complicated. In
particular it would complicate what a proxy has to do. (Wouldn't
a proxy cache need to know which URLs are in which 'realm' and
return a suitable SessionID? What SessionID would that be?)

The server is certainly free to change the SessionID if a user moves
into a different 'realm', to use your term.

Dave Kristol