Cart
|
[XML-DEV Mailing List Archive Home] [By Thread] [By Date] [Recent Entries] [Reply To This Message] Re: Re: Cookies at XML Europe 2004 -- Call for Particip ati
 At 10:16 PM -0800 1/5/04, Robert Koberg wrote: >> I wish my bank offered this, yes. Given the ID they assigned, the >> password is the only thing strongly protecting the account. > >that and some random session identifier for your session, right? Not if they're using the web architecture properly. HTTP is a stateless,sessionless protocol. There is no session, nor does there need to be one. Each request, GET or POST, is an atomic operation on some resource. For example, a bank might offer me the following URIs: http://www.bankexample.com/elharo/accountsummary/ http://www.bankexample.com/elharo/transactionlist/ http://www.bankexample.com/elharo/transactionlist?startdate=20030101&enddate=20031212 http://www.bankexample.com/elharo/transferfunds/ etc. Each of these is bookmarkable, linkable, referrable, irrespective of where I come from. They are not dependent on any kind of session. However, access to each of these resources would require my user name and password, which I would supply once, and the browser would repeat as necessary. If the browser forgets it (e.g. I quit the browser and relaunch it) then I would have to type it in again. They are, of course, dependent on the state of the resources. For instance the actual data served as the representation of http://www.bankexample.com/elharo/accountsummary/ would change as deposits and withdrawals are made. -- Elliotte Rusty Harold elharo@m... Effective XML (Addison-Wesley, 2003) http://www.cafeconleche.org/books/effectivexml http://www.amazon.com/exec/obidos/ISBN%3D0321150406/ref%3Dnosim/cafeaulaitA 
|
PURCHASE STYLUS STUDIO ONLINE TODAY!Purchasing Stylus Studio from our online shop is Easy, Secure and Value Priced! 
Download The World's Best XML IDE!Accelerate XML development with our award-winning XML IDE - Download a free trial today! Subscribe in XML format
|
|||||||||
