W3C home > Mailing lists > Public > w3c-wai-ig@w3.org > July to September 2004

RE: Accessibility of Pages Requiring Sign-In

From: Claire Agnew <clagnew@dodo.com.au>
Date: Tue, 27 Jul 2004 11:58:03 +1000
To: "'Matthew Smith'" <matt@kbc.net.au>, <w3c-wai-ig@w3.org>
Message-ID: <001501c4737d$277d0ef0$8119fea9@clagnew>

Hi Matthew
HTTP Authentication is my preferred method - for the reasons you

Instead of the pop-up a scripting language can be used to manage the
HTTP Authentication process (providing login and logout
functionality via a web page).


-----Original Message-----
From: w3c-wai-ig-request@w3.org [mailto:w3c-wai-ig-request@w3.org]
On Behalf Of Matthew Smith
Sent: Tuesday, 27 July 2004 11:27 AM
To: WAI Interest Group
Subject: Accessibility of Pages Requiring Sign-In

Hi All

I would be interested to hear peoples thoughts on the following two
methods of 
protecting pages:

1) HTTP Basic Authentication
For me, this is the easiest type to use when coding an application -
Apache (the 
web server software) looks after everything for me.

With graphical user agents, the sign-in appears as a pop-up.  Does
this not 
cause a problem with screen readers working with Mozilla/IE/etc. ?

The only other flaw that this has, in my mind, is a security one
rather than one 
of accessiblity; as the user agent tends to cache the authentication

information, there is no real way to "log out" without closing the
user agent.

2) Cookie Authentication
This would appear quite friendly from a user perspective, but what
if the user 
agent does not support cookies?

It appears to me that neither solution is totally accessible, so
what should one do?



Matthew Smith
Kadina Business Consultancy
South Australia

Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.726 / Virus Database: 481 - Release Date: 22/07/2004
Received on Monday, 26 July 2004 21:57:55 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 13 October 2015 16:21:29 UTC