Robert Sanderson wrote:

> > If we have (persistent) result set names, do we still need session ids?
> Yes. Otherwise you could subvert other users' result sets as you don't
> know who created it.

By "subvert" I assume you're referring to spoofing?  (That is, I assume we're
not concerned about ambiguity, since the server is assigning names.)  How does
the session id help with that problem?

I thought we had this discussion before, but I can't find it in the archive, and
if we did, I don't remember what if anything we concluded.