Re: Past Proposals for HTTP Auth Logout

From: David Morris <dwm@xpasc.com>
Date: Thu, 7 Jan 2010 13:51:39 -0800 (PST)
To: Nicolas Alvarez <nicolas.alvarez@gmail.com>
cc: ietf-http-wg@w3.org
Message-ID: <Pine.LNX.4.64.1001071348570.7497@egate.xpasc.com>


On Thu, 7 Jan 2010, Nicolas Alvarez wrote:

> Tim wrote:
>> I'm doing some research and I'm interested in learning about any past
>> proposals to augment HTTP authentication (basic/digest) with a logout
>> feature.  I have spent several hours reading mailing list archives and
>> searching the web, and while I've found plenty of related information,
>> I'm surprised to find no concrete proposals for this feature.
>
> I don't see how that concerns HTTP; it's a missing feature on the browsers.
>
> Credentials are sent on every request. All you need is a logout button on
> the *browser* that makes it stop sending credentials. Go file feature
> requests to the browser vendors :)

So on what basis does the browser prompt again? It is likely a better user
experience if the flush credentials is part of a server response to a
web page logout button which lets both ends know the logout occurred and
takes the user to a page which doesn't immediately present a new
credential dialog.
Received on Thursday, 7 January 2010 21:52:18 GMT