Re: HTTP/1.1 Protocol: Help Needed



You mean to suggest that we should store the session details in form data?

I mean to suggest that trying to do good authentication with cookies or URL frobs is a difficult, ugly problem. Though I have seen one approach that essentially encoded Kerberos tickets in cookies that seemed to me to have potential, but that still wouldn't solve the problem for sites/proxies that thwart cookies. I think putting such frobs in URLs would make the URLs too long.


Well... how do I, then, validate whether a valid session
(authenticated session) exists or not if I have to access resources
other than forms - like a movie file, PDF, doc, etc.!

As you say, cookies are sometimes disabled (and for good reasons), how
do I track the session for non-form resources/files?

And it also means that I cannot simply move from one page to another -
if I'm putting validation data as form data, each link must be a
form-submit link with some option.

How far can this be justified?

Just because HTTP exists does not mean it is a good tool for everything you might want to do over a network.


Keith



_______________________________________________
Ietf mailing list
Ietf at ietf.org
https://www1.ietf.org/mailman/listinfo/ietf




Note Well: Messages sent to this mailing list are the opinions of the senders and do not imply endorsement by the IETF.