W3C home > Mailing lists > Public > w3c-dist-auth@w3.org > October to December 2005

Re: [Bug 18] no record of consensus for force-authenticate

From: Jim Luther <luther.j@apple.com>
Date: Mon, 31 Oct 2005 08:52:56 -0800
Message-Id: <6D8A9BB7-80C1-43D4-B421-5D4B40A455DD@apple.com>
To: webdav <w3c-dist-auth@w3.org>

On Oct 29, 2005, at 1:22 AM, Julian Reschke wrote:

>> More generally, it's not actually a WebDAV problem alone. If a  
>> client does a GET to a dynamically generated page, they could  
>> easily see different results based on whether they're  
>> authenticated or not. Since browsers today often cache  
>> authentication information, this means that the browser could  
>> inform the server that they'd like the challenge to save the user  
>> the step of first going to the site, seeing the anonymous page  
>> version, then choosing to login. Of course some sites use cookies  
>> for this but cookies are sometimes disabled, expired, etc.
> In which case I would recommend to
> - update Jim's description of the problem accordingly and
> - do this in a separate draft, optimally discussed on the HTTP WG's  
> mailing list.

I agree with those who have said this is not a WebDAV specific issue.  
It should be discussed as a separate HTTP issue.

- Jim
Received on Monday, 31 October 2005 16:52:48 UTC

This archive was generated by hypermail 2.3.1 : Wednesday, 7 January 2015 15:01:33 UTC