Hacker News new | ask | show | jobs
by mcbits 2732 days ago
> when you get a request id from a user

Just a public service reminder that "never trust the client" still applies, in case you were imagining user agents generating their own ULIDs to relive servers of the duty or something. Nothing prevents them from sending duplicate or out-of-order IDs.
1 comments
taeric 2732 days ago
I've always been intrigued by having clients provide the id. I think I understand why that choice is made, but it does seem unusually error fragile.
link