Re: REAUTHENTICATION REQUIRED

From: Maurizio Codogno <mau@beatles.cselt.it>
Date: Tue, 25 Nov 1997 17:48:57 +0100 (MET)
Message-Id: <199711251648.RAA21747@beatles.cselt.it>
To: http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com

Scott answers Roy:

% RTF> As a general rule, do not use a status code to indicate something which
% RTF> is not status -- doing so breaks orthogonal design issues.
% RTF> If the same functionality can be accomplished with a header field
% RTF> (new or existing), then do that instead.
% 
%   You make an excellent point.  We could add this to the
%   Authentication-Info header as follows:
% 
%        3.2.3 The Authentication-Info Header
% 
%        When authentication succeeds, the server may optionally provide
%        an Authentication-Info header indicating that the server wants
%        to communicate some information regarding the successful
%        authentication.

There is a thing I still do not understand. 

As some pointed out, often it is the client, not the server, which
would like to forget the auth info (but this does not belong to HTTP);
moreover the server cannot be sure that the client forgets the info.

This all said, shouldn't the server send a cookie (oops, wrong term :-))
which the client should send back together with the usual Authentication:
data? 

ciao, .mau.
Received on Tuesday, 25 November 1997 08:54:10 EST