Re: Accessibility of Pages Requiring Sign-In

From: David Woolley <david@djwhome.demon.co.uk>
Date: Tue, 27 Jul 2004 21:19:15 +0100 (BST)
Message-Id: <200407272019.i6RKJFq00423@djwhome.demon.co.uk>
To: w3c-wai-ig@w3.org

> What does Cookie Authentication actually mean?  That you prompt users 
> for username and password, and if user submits correct credentials, you 
> start a session and store session ID (any kind of identifier) to a 
> cookie?  If so, you could also append the session ID to all the links. 
> [3] However, appending session ID information to the URLs may present 
> additional security issues. [4]

The difference is that you can cancel the session cookie independently
of the history.

Whilst cancelling the cookie is an advantage in some applications
when a user may be using a shared machine (although internet cafes really
ought to purge machines between users), I think the real reason it was
first invented was the normal one of wanting to be different from the
built-in browser dialogue.

Received on Tuesday, 27 July 2004 16:50:36 UTC
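
The difference described in this message, as an added example that is not part of the original post: a constructed toy server and browser showing that cancelling the cookie leaves nothing usable in the history, while a session ID carried in the links is replayed from the history. All class names, the `sid` parameter and the example.test URLs are assumptions; the session stays valid on the server in both cases, and only the client side is cancelled.

```python
import secrets
from urllib.parse import urlsplit, parse_qs

class Server:
    """Constructed toy server: maps session IDs to usernames."""
    def __init__(self):
        self.sessions = {}

    def login(self, user):
        sid = secrets.token_urlsafe(16)
        self.sessions[sid] = user
        return sid

    def whoami(self, url, cookies):
        # Accept the session ID from the cookie or from a ?sid= URL parameter.
        query = parse_qs(urlsplit(url).query)
        sid = cookies.get("sid") or query.get("sid", [None])[0]
        return self.sessions.get(sid)

class Browser:
    """Constructed toy client: a cookie jar plus a visited-URL history."""
    def __init__(self, server):
        self.server, self.cookies, self.history = server, {}, []

    def visit(self, url):
        self.history.append(url)
        return self.server.whoami(url, self.cookies)

    def cancel_cookie(self):
        # Client-side cancel: drops the cookie, the history is untouched.
        self.cookies.clear()

    def replay_history(self):
        # The next user of a shared machine re-opening URLs from the history.
        return [self.server.whoami(u, self.cookies) for u in self.history]

def demo():
    server = Server()
    # Cookie transport: the ID never appears in a URL.
    a = Browser(server)
    a.cookies["sid"] = server.login("alice")
    first = a.visit("https://example.test/inbox")
    a.cancel_cookie()
    cookie_replay = a.replay_history()
    # URL transport: the ID is part of every link, so it lands in the history.
    b = Browser(server)
    b.visit(f"https://example.test/inbox?sid={server.login('bob')}")
    b.cancel_cookie()
    url_replay = b.replay_history()
    return first, cookie_replay, url_replay
```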