[Zope] - Secure Server

Christopher G. Petrilli petrilli@amber.org
Mon, 25 Jan 1999 12:04:50 -0500


On Mon, Jan 25, 1999 at 11:49:17AM -0400, Brad Clements wrote:
> On 25 Jan 99, at 9:51, Kevin Dangoor wrote:
> 
> > server. The current implementations of HTTP do not allow for long-lived
> > connections, so the browser sends the user name and password with each
> > request. (The browser makes it so that the user only needs to enter it
> > once, though.)
> 
> I don't think this is entirely true. http does allow the client and server to 
> agree to keep the connection open. You can see this happening 
> between iexploder and iis...
> 

What you're seeing is Layer 3 persiistance, not Layer 4.  What's
happening is that under HTTP/1.1, the connection can support multiple
HTTP transactions before you have to tear it down and rebuild it.  This
does not imply that there is a "session" at the application layer.

By definition all HTTP operations are atomic, and do not imply any
previous or subsequent operations.

Chris
-- 
| Christopher Petrilli
| petrilli@amber.org