Bug 16739 - should the format of SessionID be more strictly defined
authorMark Watson <watsonm@netflix.com>
Thu, 06 Dec 2012 16:00:59 -0800
changeset 49 96098ab59a59
parent 48 f3492fa3f14c
child 50 ee6e8ae9337c
Bug 16739 - should the format of SessionID be more strictly defined
encrypted-media/encrypted-media.html
encrypted-media/encrypted-media.xml
--- a/encrypted-media/encrypted-media.html	Thu Dec 06 15:54:09 2012 -0800
+++ b/encrypted-media/encrypted-media.html	Thu Dec 06 16:00:59 2012 -0800
@@ -198,6 +198,8 @@
     The user agent/CDM manage the lifetime of Session IDs.
     All Session IDs are cleared from the <a href="#media-element">media element</a> when a load occurs, although the CDM may retain them for longer periods.
     </p>
+    <p>Each SessionID shall be unique within the browsing context in which it was created. If secure proof of key release is supported each Session ID shall
+    be unique within the origin. Note that this last requirement implies that Session IDs shall be unique over time including across browsing sessions.</p>
 
     <p class="non-normative">Applications should always provide the session ID from an event in subsequent calls for this key or license.
     (This is a best practice, even if the current Key System does not support session IDs.)
--- a/encrypted-media/encrypted-media.xml	Thu Dec 06 15:54:09 2012 -0800
+++ b/encrypted-media/encrypted-media.xml	Thu Dec 06 16:00:59 2012 -0800
@@ -194,6 +194,8 @@
     The user agent/CDM manage the lifetime of Session IDs.
     All Session IDs are cleared from the <a href="#media-element">media element</a> when a load occurs, although the CDM may retain them for longer periods.
     </p>
+    <p>Each SessionID shall be unique within the browsing context in which it was created. If secure proof of key release is supported each Session ID shall
+    be unique within the origin. Note that this last requirement implies that Session IDs shall be unique over time including across browsing sessions.</p>
 
     <p class="non-normative">Applications should always provide the session ID from an event in subsequent calls for this key or license.
     (This is a best practice, even if the current Key System does not support session IDs.)