Re: Client <-> Server-generated Session IDs

Terje Norderhaug (Norderhaug.CHI@xerox.com)
Thu, 27 Jul 1995 10:36:32 -0800


At 8:10 AM 7/27/95, rep@iexist.att.com wrote:
>I must be missing something because I don't see the connection between
>privacy and the client vs. server generation of a Session ID.[...]
>As long as our clients allow us to configure them not to send
>REMOTE_USER and REMOTE_IDENT, the server won't really know who we are, will
>they?

At some point in time you might find yourself filling out personal
information in a form. With session ids accross servers it become possible
to trace your excact steps on the web by merging the entries with the same
id in the logfiles from the various services. Even more so if the id is
kept between sessions.

-- Terje <Norderhaug.CHI@Xerox.com>
<URL:http://www.ifi.uio.no/~terjen/>