[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[ns] tcp and session facility

Dear Mr.,

My name is Domenico Pascuzzi, an italian student in Computer Science at University of Calabria (Cosenza). Now I’m working at my thesis degree and I think (and hope) you can help me.

My work is about the development of an application-independent system able to keep user session in web applications. The idea is to enhance TCP/IP stack with session management facility.

As you know, HTTP is a stateless protocol, so subsequent request made by the same client (browser) are treated like independent ones: browser opens an HTTP connection, makes a request, the server gives a response and then closes the HTTP (and TCP) connection. With this mechanism, we can model only "request-response application", i. e., application in which the interaction between client and server is made of a single couple request-response (HTTP transaction). Nowadays, many Internet applications (e-commerce, on-line banking, on-line trading, etc.) are made of several HTTP transactions; in general, a transaction need to use state information obtained during precedent transaction (1,..., i-1), in some words, it's necessary to keep user session.

For instance, if a user wants to buy on-line, the application must remember state information about the items he wants to purchase. At present many techniques have been developed to face the problem of keeping session (cookie, url rewriting, Java session).... these techniques work at application layer (ISO/OSI layer 7). With my thesis, we want to investigate the possibility to build a mechanism of keeping session at a lower layer. The possibility is to enhance TCP/IP with a module able to track session or to implement a session protocol (ISO/OSI layer 5).

Doing so, session management will be trasparent for applications and it will become a built-in service (like data transport or routing offered by tcp and ip).

Now, my answer are:

1) What is your opinion about these possible solutions?

2) It's correct to approach the problem at layer 3 (network, IP), layer 4 (transport), layer 5 (session)?

3) I intend to work under Linux on server side, so I have the chance to "open" TCP/IP stack and to add some kind of module to offer keeping session facility. On client side, we have a browser running under WIN 98, WIN NT, so we could think to add some kind of plug-in.

Where can I operate and How can I proceed in your opinion?

4) Have you some advice or suggest to face the problem? I'd also like to keep session after disconnections.......do you think that it is possible at layer TCP/IP ?

I hope you will answer me asap because it's very important for my studies.

Best regards

Domenico