RE: Seiwald Q & A -- "GET for EDIT" cookies

Yaron Goland (yarong@microsoft.com)
Fri, 30 Aug 1996 16:41:01 -0700


Sure you do a check out on the document and the system records on the 
Server the existence of the check out. Then you do a check in on the 
document and the server knows who has the document checked out. Either way 
cookies do not need and should not be a part of this standard. If a server 
needs to use cookies, for whatever reason, then it can use the cookie 
mechanisms already available, however it is am implementation specific need 
and does not fit into the general model of check in/check out.
						Yaron

----------
From:  Christopher Seiwald[SMTP:seiwald@perforce.com]
Sent:  Friday, August 30, 1996 8:46 AM
To:  murray@sq.com; seiwald@perforce.com
Cc:  dgd@cs.bu.edu; ejw@ics.uci.edu; w3c-dist-auth@w3.org; 
www-vers-wg@ics.uci.edu
Subject:  Re: Seiwald Q & A -- "GET for EDIT" cookies

Much has floated around about this that I mean to answer, but for
now Murray has posted the most straightforward inquiry.

| From: Murray Maloney <murray@sq.com>
| Subject: Re: Seiwald Q & A -- "GET for EDIT" cookies
|
| When a user "checks out" a document for editing,
| the revision contrl system "should" record who it
| is that is checking out the document so that when
| the same user attempts to "check in" the document
| there is a mechanism to say "Hey, remember me? I am
| checking in the document that I previously checked out
| for editing. Here it is." The RCS can verify that it is
| the same user that is recorded and proceed, or reject
| the action if it is not the same user.
|

Very close, except I'm not asserting that the revision control system
_should_ record anything when a user starts to edit a document.  Instead,
I say that there are many systems that _do_ record something, and that
HTTP _should_ cart around a token ("or cookie" ) of this recorded
information.

For something like RCS or CVS, the cookie might be only a name and rev
of the document.  For Clearcase or Perforce, the cookie might be an
inscrutable pointer to info in its database.  For less version-stringent
systems, there may be no cookie at all.

| Christopher is asserting that a "cookie" is the best,
| if not the only, way to manage the session.

Perhaps there is another way?

Christopher