W3C home > Mailing lists > Public > www-talk@w3.org > January to February 1997

Re: adduser web page

From: Koen Holtman <koen@win.tue.nl>
Date: Thu, 6 Feb 1997 18:16:16 +0100 (MET)
Message-Id: <199702061716.SAA23445@wsooti08.win.tue.nl>
To: kdyer@draper.com
Cc: www-security@ns2.rutgers.edu, www-talk@w3.org
Kevin J. Dyer:
[...]
>This thread about allowing users to change their passwords via CGI/ Applets
>can go on forever.  I would like to hear from the community about the
>possiblity
>of expanding the 4xx codes in HTTP/1.1 to include the following:
>
>	416  Re-Validation requested
>
>	The username was accepted but the password was challenged again or
>	the sysadmin expired the password, etc.
>
>	The user agent would display a pop-up requesting two fields.

Do you have in mind that this code should clear the password cache of the
user agent, effectively ending the auhenticated session so that the user can
walk away from the (public) web browser?  A code for that would be useful.

If you just want to make the password requestor pop up, sending a 401 will
do that on most user agents.  But if the user presses cancel on the pop-up,
most user agents will keep on sending the old password.

Koen.
Received on Thursday, 6 February 1997 12:18:48 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Wednesday, 27 October 2010 18:14:22 GMT