Can a URL be considered the only key for an HTTP response?

The issue can be considered both practical and theoretical.

I am developing a system using an HTTP client (Flash Player application) and a "backend" HTTP server. Registered users have their own personal image library. Images can be uploaded and, of course, subsequently restored.

Since users authenticate using cookies containing session identifiers, it became clear to me (hence the question) that I can provide the following kind of URL for an authenticated client to receive an image (an “asset” in my terminology). Please note that asset identifiers are unique across all users, that is, no two users have an asset with the same identifier, for example 555. It is also assumed that the asset identifier is REALLY constant, that is, the identifier is never reused. The URL I was thinking of is this:

http://myserver/user/asset/<asset_id>

The brackets denote a variable value, i.e. obviously they and "asset_id" should not be taken literally here; they stand for the actual identifier of the asset. The HTTP request to the above URL is expected to contain a Cookie header with a user session identifier that uniquely authenticates and authorizes the user as the owner of the requested asset.

I really like permanent URLs (“Cool URIs don't change,” as Tim Berners-Lee once said), but obviously, since the asset resources are private to the user who downloads/owns them, they should not be cached by any intermediate proxy servers, only by user agents.

URL- ? , , cookie , URL- "--". , ? , , ? - , . .

+3
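The scheme in the question, sketched as an added example (not code from the original post): the URL stays permanent, the session cookie decides ownership, and the response headers keep the asset out of shared caches. The cookie name `session`, the in-memory tables, the ETag scheme and the choice of 403 for every denial are assumptions of this example.

```python
import hashlib
from http.cookies import CookieError, SimpleCookie

# Constructed sample data (assumptions, not from the original post).
SESSIONS = {"s-alice": "alice", "s-bob": "bob"}     # session id -> user
ASSETS = {555: ("alice", b"constructed image bytes")}  # asset id -> (owner, body)


def serve_asset(asset_id, cookie_header, if_none_match=None):
    """Return (status, headers, body) for GET /user/asset/<asset_id>."""
    # The URL alone is not the cache key: the answer depends on the Cookie
    # header, so declare that, and default to storing nothing anywhere.
    headers = {"Vary": "Cookie", "Cache-Control": "no-store"}
    cookie = SimpleCookie()
    try:
        cookie.load(cookie_header or "")
    except CookieError:
        pass  # a malformed header is treated as "no session"
    morsel = cookie.get("session")
    user = SESSIONS.get(morsel.value) if morsel else None
    owner, body = ASSETS.get(asset_id, (None, b""))
    # One answer for "no session", "not the owner" and "no such asset",
    # so the response does not reveal which asset ids exist.
    if user is None or owner != user:
        return 403, headers, b""
    # private: only the user agent may store the response, never a proxy.
    # no-cache: the browser must revalidate before reuse, so the ownership
    # check above runs again even after a logout or a change of user.
    headers["Cache-Control"] = "private, no-cache"
    headers["ETag"] = '"%s"' % hashlib.sha256(body).hexdigest()[:16]
    if if_none_match == headers["ETag"]:
        return 304, headers, b""  # cached copy is still valid for this owner
    headers["Content-Type"] = "image/png"  # assumed media type
    return 200, headers, body
```

Because authorization runs before the ETag comparison, a conditional request from a different session gets 403 rather than 304.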
2

, :-) , 403 http-...,

+2

, URL- , , URL- ( /).

, , 401 Not Authorized , "t : 403 Forbidden.

+1

Source: https://habr.com/ru/post/1729903/

