Re: Session-ID proposal

Shel Kaphan (
Mon, 21 Aug 1995 09:26:17 -0700

David Morris writes:
> I must have missed something ... if I build an application which needs
> session like control, I have a real hard time believing that I would
> find any intermediate caching (as in proxy) acceptable. Providing a
> mechanism where any arbitrary user could retrieve information cached
> from a session-id based connection seems like an unnecessary exposure
> of semi-private information.
> On Mon, 14 Aug 1995, Jim Seidman wrote:
> > [...]
> > Given these considerations, and the slowly increasing use of "Expires"
> > headers, State-Info could be expensive indeed.
> Hence, I would contend State-Info will have little impact since
> caching would/should be disabled in most contexts where State-Info
> applies.
> Dave Morris

Only some of the pages in a session based application need caching.
(Catalog pages can be cached. The state of an account cannot be).
Only idempotent methods can cache their results. So, there is no
reason why state-info needs to be passed through to an origin server
by a cache when the cache contains a cacheable result already. This is
actually a very important optimization.

--Shel Kaphan