Re: Session tracking

Gary Adams - Sun Microsystems Labs BOS (gra@labboot.east.sun.com)
Mon, 1 May 1995 08:12:31 +0500


> Date: Sat, 29 Apr 1995 15:13:26 +0500
> From: nazgul@utopia.com (Kee Hinckley)
> Subject: Re: Session tracking
..
>
> It does seem to me that the magic-cookie design is very closely tied to
> existing password systems, and in that respect I think it's worth
> considering whether the two mechanisms might be tied together more tightly
> (a user password system with expirations makes perfect sense, for
> instance). I haven't delved into that side of the protocol enough to say
> any more.

This is a very good point, that some of the "identifiers" (session, cookie,
whatever) should have a similar life cycle as security credentials (where
passwds are a valid instance of server side authentication).

>
> Shopping carts embedded in ids is a cute hack, but it's a red herring. The
> real goal in my mind is to find a way to identify a user without requiring
> them to carry a separate ID for every store they walk into.

It seems to me that a "user centric" view of the web would call for
client side generation of the credentials, that could be reused
at many different storefront businesses, i.e. shopping at a mall
rather than a department store for one stop shopping.