Re: [Bug 18] no record of consensus for force-authenticate

On Oct 29, 2005, at 1:22 AM, Julian Reschke wrote:

>> More generally, it's not actually a WebDAV problem alone. If a  
>> client does a GET to a dynamically generated page, they could  
>> easily see different results based on whether they're  
>> authenticated or not. Since browsers today often cache  
>> authentication information, this means that the browser could  
>> inform the server that they'd like the challenge to save the user  
>> the step of first going to the site, seeing the anonymous page  
>> version, then choosing to login. Of course some sites use cookies  
>> for this but cookies are sometimes disabled, expired, etc.
>
> In which case I would recommend to
>
> - update Jim's description of the problem accordingly and
>
> - do this in a separate draft, optimally discussed on the HTTP WG's  
> mailing list.

I agree with those who have said this is not a WebDAV specific issue.  
It should be discussed as a separate HTTP issue.

- Jim

Received on Monday, 31 October 2005 16:52:48 UTC