At the risk of repeating myself, here is what I still believe is the
best path through all the options (and why). (Note: I have left the
text "I think" out of lots of the following :-)

Some people want to refer to previous result sets for persistence
(eg: so can make multiple requests on one previous query and get consistent
results back).

Some people want to refer to previous result sets in following CQL
queries. This way you can refine your queries. In this case, I claim
that result set names need to make sense to the *human* typing in
the CQL query. Whether the server or the client allocates the set name,
the set name must be short and easy to type in. This means the result
set name cannot be unique across different users.

Thus in order to satisfy both requirements, result set names cannot be
assumed to be unique on a server. Therefore I claim that the uniqueness
must be implemented using a session id that is separate to the result
set name.

If you don't want/need result set support, then I don't think a server
should provide any guarantee to keep resources around. This allows a
server to free up things whenver it likes (result sets should tried to
be freed as soon as it is not expected there is any benefit in keeping
them around longer). Also, sessions are not needed if result sets
are not needed.

Hence I propse again the following semantics for searches (for brevity
I will not talk about fetching records - I think its pretty clear that
you can ask for records immediately or later if you have a result set.
I just want to tackle a simple model for session and result set management.)

Search Request Parameters
- CQL query string
- Optional requested result set name
- Optional session id

Search Response Contents:
- Optional result set name
- Optional session id
- (Other stuff such as how many records in set etc)

A client is only permitted to request previously created result sets if
the session id of the session they were created in is supplied in the

If a request supplies an existing valid session id, the response always
returns the same session id.

If a request does not supply a session id but does supply a result set
name, then a new session id is returned.

If a request does not supply a session id or a result set name, then
a session id is not returned (and the server does not have to maintain
any session support at all).

You could go further and say session support is optional. Level 0 SRU/SRW
support does not use the session id or result set name arguments in
requests (and hence responses). Level 1 support includes sessions.
(I am not recommending this, just illustrating there is a clean difference
between session less and session based requests.)

Level 0 support (no sessions) works much better when you have a farm
of processors. It also allows one ZAssociation to be shared between
multiple users (there is no state).

Level 1 support can be implemented by creating a ZAsscoation per session
id in order to ensure result sets for different users do not collide.
(This is not mandated though - multiple sessions could share a ZAssociation
by prefixing the user's result set name with the session id for example.)