A few services embed session IDs in domain names. This has some advantages for certain web-based applications (for example, URL rewriting is not required to include a session ID in URLs if cookies are turned off). However, the drawbacks seem to be more severe: It's not possible to protect the session IDs in domain names against eavesdropping, and the RRs put an unnecessary burden on caching resolvers.
Is there some kind of best practices document to discurage this approach, or do you think the fact that this idea has been patented is discouragement enough. . dnsop resources:_____________________________________________________ web user interface: http://darkwing.uoregon.edu/~llynch/dnsop.html mhonarc archive: http://darkwing.uoregon.edu/~llynch/dnsop/index.html
