- From: David Morris <dwm@xpasc.com>
- Date: Thu, 7 Jan 2010 13:51:39 -0800 (PST)
- To: Nicolas Alvarez <nicolas.alvarez@gmail.com>
- cc: ietf-http-wg@w3.org
On Thu, 7 Jan 2010, Nicolas Alvarez wrote: > Tim wrote: >> I'm doing some research and I'm interested in learning about any past >> proposals to augment HTTP authentication (basic/digest) with a logout >> feature. I have spent several hours reading mailing list archives and >> searching the web, and while I've found plenty of related information, >> I'm surprised to find no concrete proposals for this feature. > > I don't see how that concerns HTTP; it's a missing feature on the browsers. > > Credentials are sent on every request. All you need is a logout button on > the *browser* that makes it stop sending credentials. Go file feature > requests to the browser vendors :) So on what basis does the browser prompt again? It is likely a better user experience if the flush credentials is part of a server response to a web page logout button which lets both ends know the logout occured and takes the user to a page which doesn't immediately present a new credential dialog.
Received on Thursday, 7 January 2010 21:52:18 UTC