- From: Maurizio Codogno <mau@beatles.cselt.it>
- Date: Tue, 25 Nov 1997 17:48:57 +0100 (MET)
- To: http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com
Scott answers Roy: % RTF> As a general rule, do not use a status code to indicate something which % RTF> is not status -- doing so breaks orthogonal design issues. % RTF> If the same functionality can be accomplished with a header field % RTF> (new or existing), then do that instead. % % You make an excellent point. We could add this to the % Authentication-Info header as follows: % % 3.2.3 The Authentication-Info Header % % When authentication succeeds, the server may optionally provide % an Authentication-Info header indicating that the server wants % to communicate some information regarding the successful % authentication. There is a thing I still do not understand. As some pointed out, often it is the client, not the server, which would like to forget the auth info (but this does not belong to HTTP); moreover the server cannot be sure that the client forgets the infos. This all said, shouldn't the server send a cookie (oops, wrong term :-)) which the client should send back together with the usual Authentication: data? ciao, .mau.
Received on Tuesday, 25 November 1997 08:54:10 UTC