30 Jan
2001
30 Jan
'01
4:33 p.m.
From: "Chris McDonough" <chrism@digicool.com> A new release of the "CoreSessionTracking" product is out. The product allows you to associate state with anonymous visitors between requests.
I've been wondering about this for a long time. It allows you to associate state with anonymous users. Does this imply that you can't associate state with authenticated users, or that there's another mechanism to do it with authenticated users? In the servlet paradigm, there's a distinction between the HTTP session and authentication. You set up a session with an HTTP request, and thereafter if the session ID is returned to you it's the same session. In that session, the user can choose to login or not. Is this the same thing or is it different?