Re: Session tracking

Jared Rhine ([email protected])
Wed, 10 May 1995 03:18:13 +0500


[Citation date: Fri, 21 Apr 1995 19:31:52 +0500]
JP == James Pitkow <[email protected]>

[The topic was session-tracking proposals, esp the proposed "Session-ID"
header.]

JP> 1) identify sessions (esp. from firewalled domains)
JP> [...]
JP> If the 'From:' field is widely used, you'd have what you wanted(1).

No, I don't believe so, because one of the stated requirements is that we be
able to identify sessions without compromising the identity of the user.

If this is the case, I fail to see how current HTTP practices allow for
session tracking as you claim:

JP> My point is that the protocol does not need to be changed to handle
JP> session(1) &/or user identification(2) - WWW browsers/interfaces need
JP> to pass the right information.

Elaborations?

-- 
[email protected] / HMC / <URL:http://www.hmc.edu/~jared/home>

"Remember: Once you pull the pin, Mr. Grenade is no longer your friend." -- Zippy the Pinhead