Re: Past Proposals for HTTP Auth Logout

On Thu, 7 Jan 2010, Nicolas Alvarez wrote:

> Tim wrote:
>> I'm doing some research and I'm interested in learning about any past
>> proposals to augment HTTP authentication (basic/digest) with a logout
>> feature.  I have spent several hours reading mailing list archives and
>> searching the web, and while I've found plenty of related information,
>> I'm surprised to find no concrete proposals for this feature.
> I don't see how that concerns HTTP; it's a missing feature on the browsers.
> Credentials are sent on every request. All you need is a logout button on
> the *browser* that makes it stop sending credentials. Go file feature
> requests to the browser vendors :)

So on what basis does the browser prompt again? It is likely a better user
experience if the flush credentials is part of a server response to a
web page logout button which lets both ends know the logout occured and
takes the user to a page which doesn't immediately present a new 
credential dialog.

Received on Thursday, 7 January 2010 21:52:18 UTC