[Zope] - Secure Server
Christopher G. Petrilli
petrilli@amber.org
Mon, 25 Jan 1999 12:04:50 -0500
On Mon, Jan 25, 1999 at 11:49:17AM -0400, Brad Clements wrote:
> On 25 Jan 99, at 9:51, Kevin Dangoor wrote:
>
> > server. The current implementations of HTTP do not allow for long-lived
> > connections, so the browser sends the user name and password with each
> > request. (The browser makes it so that the user only needs to enter it
> > once, though.)
>
> I don't think this is entirely true. http does allow the client and server to
> agree to keep the connection open. You can see this happening
> between iexploder and iis...
>
What you're seeing is Layer 3 persiistance, not Layer 4. What's
happening is that under HTTP/1.1, the connection can support multiple
HTTP transactions before you have to tear it down and rebuild it. This
does not imply that there is a "session" at the application layer.
By definition all HTTP operations are atomic, and do not imply any
previous or subsequent operations.
Chris
--
| Christopher Petrilli
| petrilli@amber.org