I have sometimes proposed or recommended schemes of storing session
information in an HTTP cookie, encoded and protected by cryptographic
digest.  I know some people on this list have implemented similar
schemes, but I have never actually had occasion to do so.  Now I am
doing that, and I realize the chief drawback to this scheme: all session
information has to be set before generating any HTML output.  The chief
advantage is no requirement for server-side storage of session.

For certain applications, saving all output until the session is
serialized may significantly increase the latency of the first data
packet in the HTTP response.

-jwb



Reply via email to