Re: 3 Proposals: session ID, business-card auth, customer auth

www-talk-request@w3.org
Mon, 24 Jul 95 13:22:17 PDT

[a much-delayed response...]

hedlund@best.com (Marc Hedlund) wrote (13:23, Friday, July 21):

> At 8:57 AM 7/21/95, Dave Kristol wrote:
> > [...]
> > 2) The client should (but need not, particularly to provide
> > compatibility with existing clients) send a SessionID request header to
> > a given host. The header should be whatever SessionID header the
> > client last got from that host, independent of the URLs requested.
> > [...]
> [...]
> * Dave, do you intend (2) to mean that the session should be
> persistent even past termination of the client? I like the "startup ->
> termination" persistence better.

I was unclear. I intended that clients not cache Session IDs beyond the
lifetime of the client. When you exit the client, your Session IDs vanish.

Dave Kristol