Re: 3 Proposals: session ID, business-card auth, customer auth
Mon, 24 Jul 95 13:03:11 PDT

In article <>, Koen Holtman writes:
> However, the redirection (3xx) feature in HTTP would allow cooperating
> service providers to obtain (session-id for server,session-id
> for server pairs where both are known (with 100% accuracy) to
> originate from the same user agent.

Can you explain this? I don't understand how redirection affects
these issues. For example, under the Netscape scheme, if server
issues a redirect to server the client does an entirely new
request to the new server, without any session-id if is not
equal to Under the Netscape proposal, however, the cookie can
be shared between host and It cannot be shared
between and * (This is according to the spec -- I
don't know how it is currently implemented).


John Franks Dept of Math. Northwestern University