Hacker News new | ask | show | jobs
by yalogin 4722 days ago
What is the alternative to cookies? What does he mean by session/identity facility?
1 comments
_delirium 4722 days ago
There's some discussion in this thread: http://lists.w3.org/Archives/Public/ietf-http-wg/2012JulSep/...

in short,

   the need for a Session header to replace the use of Cookies
   for basic session management
link
cldr 4722 days ago
So is that just cookies by another name?
link
Qantourisc 4722 days ago
Cookies with an expire of session and secure flag set: yes. But this should be more secure, and stored for 1 session implicitly.
link
jimktrains2 4722 days ago
And in theory less data, right? a session ID doesn't need to store the kilobytes that cookies do.
link
yalogin 4721 days ago
Why can't there be multiple sessions for different functionalities? I am not sure people are going to relinquish the cookie concept. All the sessions are doing is have the "cookies" transported as part of the HTTP message and not as a separate file (payload)
link
jimktrains2 4721 days ago
I'm not sure I understand you.

I'm talking about a Session-ID header that'd have a 128bit (say) max length or something. Not something that has a few kb limit like a cookie.

Also, a GET request wouldn't send a payload so I'm not sure what you mean.

link
jessaustin 4719 days ago
Cookies are sent in the Cookie and Set-Cookie headers. No separate files.
link