[jboss-as7-dev] [AS7-664] Proposed changes for the HTTP Server

Darran Lofthouse darran.lofthouse at jboss.com
Wed Apr 27 07:18:49 EDT 2011


On 04/27/2011 12:10 PM, Remy Maucherat wrote:
> On Wed, 2011-04-27 at 12:00 +0100, Darran Lofthouse wrote:
>> On 04/27/2011 11:56 AM, Remy Maucherat wrote:
>>> On Wed, 2011-04-27 at 12:29 +0200, Heiko Braun wrote:
>>>>
>>>> A 'session' can not be distinguished by 'physical connection'.
>>>> (Assuming you refer to the port)
>>>>
>>>> I think what we need is proper session management, no?
>>>> Maybe Remy has some input on this?
>>>
>>> Add a cookie with an ID. No need to make it very complex.
>>
>> For the moment adding a cookie with an ID for session management is more
>> complex that we actually need ;-)
>
> Ok ;) But if the alternative is link encoding, it may be more annoying
> to do, and it is also less secure.

Yes that is also another reason why I am trying to keep the state 
management to the actual minimum that I need - once we add a cookie all 
the clients needs to support cookies and then for the clients that don't 
we have to start looking at encoding the ID in all the URLs.

>



More information about the jboss-as7-dev mailing list