[whatwg] connecting usernames and passwords

On 17 Dec, 2004, at 3:33 PM, Ian Hickson wrote:
> ...
> On Fri, 17 Dec 2004, Matthew Thomas wrote:
> ...
>> Perhaps a more consistent, and more backward-compatible, approach 
>> would be to fill those gaps in HTTP authentication that currently 
>> cause site designers to use other schemes (such as a destination URI 
>> for an optional "I Forgot My Password" button).
>
> The thing missing from HTTP auth is that you can go to a site (without
> authenticating), then when you want to, enter your name and password, 
> and show the same page, with customised information, and later return 
> to that same URI, and be already logged in.
> ...

I don't think that's missing -- it's already possible in every popular 
browser except Safari. In their HTTP authentication alerts, Safari 
treats "Cancel" as "Stop", but other browsers treat "Cancel" as 
"Continue Without Logging In". In many sites this displays an error 
page, but it needn't; it could instead display the non-logged-in 
version of the site.

Future browsers could, instead of displaying an alert for HTTP 
authentication, provide the authentication UI in a panel at the top of 
the non-authenticated page (fixing annoying modality issues in the 
process). That wouldn't require any change to HTTP authentication 
either.

-- 
Matthew Thomas
http://mpt.net.nz/

Received on Thursday, 16 December 2004 20:45:48 UTC