960920-2

The HTTP 1.0 protocol is built on short connections, transfer of data, and immediate disconnections. This causes problems if you wish to design an application where the computer needs to know what a certain user has done earlier. Describe different methods, provided with HTTP 1.0 and HTTP 1.1, of handling this problem. Also discuss the pros and cons of the methods you describe.

Possible answer:

| Method | Pros | Cons |
|---|---|---|
| Put transaction identifier in a custom URL | Simple, short, works with all browsers | Value shown to user, which can be a problem with, for example, passwords. |
| Put transaction identifier in a hidden field in a form | Simple, works with all browsers | Server needs to remember status of each user. |
| Put all session knowledge in hidden or public fields in a form | Simple, works with all browsers | Can slow down interaction if much information needs to be stored. |
| Put transaction identifier in a magic cookie | Simple, short | Some users do not like or disable magic cookies. Server needs to remember status of each user. |
| Use persistent connection facility of HTTP/1.1 | | New facility in HTTP/1.1, not very well tried. Server may have short timeouts. |
| Log the IP address of the client in the server | For a user who always uses the same client, server can remember information for a long time. | Insecure, more than one user might access from the same IP address. Server needs to remember status of each user. |
