Re: session-id redux

Koen Holtman (
Wed, 26 Jul 1995 13:38:01 +0200 (MET DST)

Brian Behlendorf:
>Here's my attempt at a FAP (like an FAQ, but "Frequently Argued Points")
>for this issue. I apologize if I let biases cloud the sides, I'm only
>1) Session-IDs are marketing fluff that provide no benefit to the user,
>weight down the request, and are a threat to privacy.

You didn't mention the following Con, which IMO is the most important

Session-id allows for a reliable and relatively straightforward
implementation of what I call a `statefull dialog' between user and
service, that is a dialog that extends beyond the submission of one
form. By allowing statefull dialogs, session-id will greatly increase
the potential of the web as a two-way communications medium.

Compared to this, the improvement possible through better clicktrail
analysis by the marketing department is not very significant.

I have been thinking about writing a FAQ-like summary of the
session-id thread, and I think I'll go on writing it, because I feel
your summary does not address all points that need summarizing.

A number of issues have been clarified in this thread, and I feel
these clarifications need to be stored somewhere in an easy-to-access
way. Else, we will have this whole thread again in August.

I don't know when I will finish writing my summary. It will probably
be too long to post here, so I think I'll end up posing a pointer to