- From: Tim <tim-projects@sentinelchicken.org>
- Date: Thu, 25 Feb 2010 08:06:56 -0800
- To: Bil Corry <bil@corry.biz>
- Cc: ietf-http-wg@w3.org
Bil, I've taken your trick for log outs and combined it with a few other tricks to build a sample application which achieves login, logout, and password changes all without the traditional HTTP authentication prompt. Take a peek: http://www.vsecurity.com/download/tools/fbha-poc_0.1.zip It seems to work well in IE 6, 7, and 8, as well as Firefox, Chrome, and Safari. It still doesn't work in Opera, but I think that's a lost cause until the proposed W3C standard is adopted. That standard, if adopted, would also make this code a lot simpler for other browsers. I haven't tested it in other browsers, besides these top 5. In any case, I think it shows how this is possible even now with current browser limitations, but I still feel strongly that an HTTP-level log out mechanism is needed for those without JavaScript. thanks, tim
Received on Thursday, 25 February 2010 16:07:27 UTC