This can be implemented in about 500 lines of C code so it's not
really as complex as it might sound. This is also very
similar to the way access authorization works so there can
be alot of shared code involved.
> Second, the cross-session capability is a really poor man's
> solution for storing state client-side. Isn't the persistent
> document cache already a much more sophisticated place for storing
> state across sessions on the client? Why have a separate, parallel
> mechanism for caching and security of these limited, HTTP-specific
> "cookies"? I'd rather see some new HTTP metainfo which gives hints
> for persistent caching and reloading of documents (I'm not sure how
> to do this though...).
Embedding state information in documents is the wrong
way to accomplish this. Information embedded within a
document is dependant on the path used to enter a server.
If you don't access through the same URL you lose the information.
With cookies the information is sent regardless of your
-- Lou Montulli http://www.mcom.com/people/montulli/ Netscape Communications Corp.