Robert Sanderson wrote:
> > If we have (persistent) result set names, do we still need session ids?
>
> Yes. Otherwise you could subvert other users' result sets as you don't
> know who created it.
By "subvert" I assume you're referring to spoofing? (That is, I assume we're
not concerned about ambiguity, since the server is assigning names.) How does
the session id help with that problem?
I thought we had this discussion before, but I can't find it in the archive, and
if we did, I don't remember what if anything we concluded.
--Ray
|