Everything which can be done with client-initiated session-ids can
be done with server initiated session-ids. The server can issue a
random number as session-id and treat it as if it were issued by the client.
The reverse is not true. There is no way to do any client-side data
bases (like the Netscape implementation of shopping baskets) with
server initiated session-ids. Similar functionality might be achieved
with a server-side data base, but not as cleanly (the server has no
way of knowing when the session ends). In any case, the possible
*implementations* with server initiated are strictly more general.
You can argue that client initiated session-id is easier to implement in
the client, but the only existing implementation in a client (of which
I am aware) is server-side initiated.
John Franks