I have put together a simple soft proposal for a pair of HTTP Request/Response headers that bridge to the browser's sessionStorage mechanism for session ID storage. It's basically to embrace the new SPA style architecture prevalent on the web, and the use of sessionStorage, instead of the old-school usage of session cookies.
Details: https://gist.github.com/getify/7240515 TL;DR: HTTP Response Header Register-Session-ID: sessID --or-- Register-Session-ID: sessID=23kml2r2-aniwpkmsd-li24t-35n Makes an entry in sessionStorage of the specified name, which entry can automatically be pulled (including its current value) from sessionStorage on each new page request (to same SOP target) and be sent along, as: HTTP Request Header Session-ID: 23kml2r2-aniwpkmsd-li24t-35n Thoughts? --Kyle
