- From: Tom McLaren <tom@mclaren.tc>
- Date: Tue, 2 Jan 2001 20:25:26 -0000
- To: http-wg@cuckoo.hpl.hp.com
<apologies for resend> Excuse me if I'm missing the point, but with IE (my browser of choice), isn't this addressed by the autocomplete option, esp. the ability to clear passwords/details? Also, on shared PCs, I find deleting temporary files when I leave a necessity. An interesting point raised is whether browser vendors should expose what is primarily internal functionality to aid the user (e.g. password remembrance) to external (primarily display only) data. Similar to Java access permissions? Hmmm ... -----Original Message----- From: Dave Kristol [mailto:dmk@research.bell-labs.com] Sent: 02 January 2001 19:16 To: erik@primedata.org Cc: http-wg@cuckoo.hpl.hp.com Subject: Re: Logout "Erik Aronesty" <erik@primedata.org> wrote: > > Dear Sirs, > > Is it required that user agents have a mechanism for expiring or forgetting > the passwords that are used to access HTTP servers? IE: a "logout" button > for HTTP built-in authentication. > > I imagine that this is the sort of requirement that HTTP people think that > this should be in the HTML group - and vice-versa. > > However it is an embarrassing oversight in modern browsers. <sigh> You have touched on one of *my* hot buttons. I have argued for such a thing for, oh, about six years. Obviously without success. As you guess, it's not an HTTP issue, having nothing really to do with the *protocol*. But it's also not an HTML issue, having nothing to do with the content of pages. Rather it's a user interface issue, and thus at the discretion of the browser vendors. And, for whatever reason, they have never been interested in providing a way to discard passwords, except to exit the browser. I can think of two situations where such a feature would be *really* handy: 1) When I'm trying to debug server-side authentication code, and I want to force the browser I'm using to forget its passwords. 2) In an environment where machines are shared (college computer lab, public library, Internet cafe), and I want to discard the passwords I've entered before I leave the machine. Similar reasoning would recommend a feature to discard all cookies, as well, but that's another topic entirely. :-) Dave Kristol
Received on Tuesday, 2 January 2001 12:38:55 UTC