On Thu, Apr 22, 2010 at 2:50 PM, Mark H. Wood wrote:
> Consider that Google and Yahoo! receive traffic many orders of
> magnitude greater than perhaps 99.9% of the rest of the Web. What is a
> performance problem for them may not be a performance problem for you.
> I run a number of web servers a
Consider that Google and Yahoo! receive traffic many orders of
magnitude greater than perhaps 99.9% of the rest of the Web. What is a
performance problem for them may not be a performance problem for you.
I run a number of web servers and I don't think I could buy a computer
so slow that TLS overh
On Thu, Apr 22, 2010 at 2:04 PM, Krist van Besien
wrote:
> There is in my opinion no good reason not to have https for the whole
> session. The "performance" argument doesn't really apply anymore in a
> time that you can buy several webservers for the cost of employing one
> webserver specialist f
On Thu, Apr 22, 2010 at 1:38 PM, Nicholas Sherlock wrote:
> On 22/04/2010 5:29 p.m., Krist van Besien wrote:
>>
>> Just consider the following:
>> - You direct a user to a login form. He enters username and password,
>> gets authenticated and receives a session cookie from the server.
>> - This se
On 22/04/2010 5:29 p.m., Krist van Besien wrote:
Just consider the following:
- You direct a user to a login form. He enters username and password,
gets authenticated and receives a session cookie from the server.
- This session cookie is sent with each subsequent request, so that
the requests ca
