Session-Id and privacy mechanisms

Koen Holtman (
Sat, 22 Jul 1995 11:47:52 +0200 (MET DST)

I've been thinking about the relation between adding session-ids to
get stateful dialogs and adding session-ids to get better statistics
for the marketing department.

There are two possibilities:

1) combine them: make one session-id mechanism that caters for
both. Client-generated stuff in the From header seems the obvious

2) separate them: add
   a) a server-initiated session-id mechanism to get stateful dialogs
   b) a client-generated session-id (in From) to get better statistics.

The advantage of 1) should be clear: two problems solved for the price
of one.

*Some* implementations of 2) could be better because of privacy
reasons. a) and b) could be switched on and off independently.

*If* browsers have a configuration screen like

   Handling of a) `stateful dialog' session-id requests:
     ( ) Always honor request
     ( ) Always honor request if it was done in a response to
         a form submission (POST).
     (*) Ask once for every site, use reply in later sessions
     ( ) Never honor request

   Generate b) statistics-enhancing session-ids:
     ( ) Yes
     (*) No

where the (*) are the default settings, *and if* a web culture
develops in which commercial sites asking for a `stateful dialog'
session-id if the browser does not send a `statistics' session-id,
purely to get better statistics, are considered rude, *then* current
levels of privacy could be mostly retained.

Some issues related to such an elaborate scheme for retaining privacy

- How do we translate the above configuration screen to something
that can be understood by the average user?

- Do we really want it? This is only relevant for large numbers of
users behind proxies accessing popular sites anyway. Are they
really worth the effort?

- What happens if the makers of commercial browsers get interested in
expanding their business to making web statistics packages, and
start shipping browsers with default setting

   Generate b) statistics-enhancing session-ids:
     (*) Yes
     ( ) No ,

or even hard-wire this choice into their browsers? In the light of
this, does it even make sense to carefully design HTTP in such a
way that the proxy/popular_site privacy advantage can be retained?
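
Added example, not part of the original post: a sketch of the browser-side decision logic behind the configuration screen above, with a) and b) switchable independently and the (*) defaults from the post. The class and method names, the ask_user callback and the choice to decline when no prompt is available are assumptions; the post does not define how either id is carried on the wire.

```python
import secrets
from enum import Enum

class DialogPolicy(Enum):
    ALWAYS = 1      # "Always honor request"
    ON_POST = 2     # honor only in a response to a form submission (POST)
    ASK_ONCE = 3    # "Ask once for every site, use reply in later sessions"
    NEVER = 4       # "Never honor request"

class SessionIdPrefs:
    """Hypothetical browser preferences; a) and b) are set independently."""

    def __init__(self, dialog=DialogPolicy.ASK_ONCE, statistics=False, ask_user=None):
        self.dialog = dialog            # setting for a), default (*) from the post
        self.statistics = statistics    # setting for b), default (*) is "No"
        # Assumption: with no way to prompt the user, decline (fail closed).
        self.ask_user = ask_user or (lambda site: False)
        self.site_replies = {}          # remembered per-site answers for ASK_ONCE
        self._stats_id = None

    def honor_dialog_request(self, site, method):
        """Decide whether to honor a server's a) stateful-dialog request.
        `method` is the method of the request that the response answers."""
        if self.dialog is DialogPolicy.ALWAYS:
            return True
        if self.dialog is DialogPolicy.NEVER:
            return False
        if self.dialog is DialogPolicy.ON_POST:
            return method.upper() == "POST"
        site = site.lower()             # host names are case-insensitive
        if site not in self.site_replies:
            self.site_replies[site] = bool(self.ask_user(site))
        return self.site_replies[site]

    def statistics_id(self):
        """Return the b) client-generated id for this session, or None if b) is off."""
        if not self.statistics:
            return None
        if self._stats_id is None:
            self._stats_id = secrets.token_hex(8)   # constructed random value
        return self._stats_id

if __name__ == "__main__":
    prefs = SessionIdPrefs(ask_user=lambda site: site == "shop.example")
    print(prefs.honor_dialog_request("shop.example", "GET"), prefs.statistics_id())
```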