Re: 3 Proposals: session ID, business-card auth, customer auth

Mike Meyer (
Tue, 18 Jul 95 10:13:35 PST

> ******* I. The Request-ID: header field:
> Each HTTP request should include a header field of the form:
> Request-ID: $session $request++
> i.e. Request-ID: 342%33a4d443 12
> One might argue (in fact, one has argued: Hi Henrik!) that this is an
> extension of the From: field, and these data belong there.

Looks to me like it's the Message-ID field with a little bit of
meaning in the unique part of the ID: a request count.

The relevant RFC is 850, which says:

In order to conform to RFC 822, the Message-ID must have the format
"<" "unique" "@" "full domain name" ">"

where "full domain name" is the full name of the host at which the
article entered the network, including a domain that host is in, and
unique is any string of printing ASCII characters, not including " ",
or "@". For example, the "unique" part could be an integer representing
a sequence number for articles submitted to the network, or a short
string derived from the date and time the article was created. For
example, valid message ID for an article submitted from site ucbvax in
domain Berkeley.ARPA would be " ".

We could add a layer on this for HTTP messages: that "unique" be
broken up into two parts by some token (say "."), making it
"request.other". "Request" is the request counter, "other" is a unique
string provided by the browser.