W3C home > Mailing lists > Public > ietf-http-wg@w3.org > January to March 2010

Re: Past Proposals for HTTP Auth Logout

From: Tim <tim-projects@sentinelchicken.org>
Date: Sat, 30 Jan 2010 19:39:45 -0800
To: Bil Corry <bil@corry.biz>
Cc: Yutaka OIWA <y.oiwa@aist.go.jp>, ietf-http-wg@w3.org
Message-ID: <20100131033945.GO1331@sentinelchicken.org>
Bil,

> Here's an example of using AJAX to log out a user via HTTP Auth:
> 
> 	http://www.corry.biz/logout_demo/

Oh, nice, I hadn't thought of this before.  To summarize, you just set
up a page within the protection space which always returns a 200 code
and then access it via XMLHttpRequest with a bogus password.  What
browsers have you tested this on?

So it appears with logins and logouts, AJAX + response code hacks are
possible to make this work right now.  I still think an HTTP-level
session termination mechanism is worthwhile for user agents that don't
want to rely on JavaScript, but for most developers, this could be the
missing piece to make HTTP auth usable again.

thanks!
tim
Received on Sunday, 31 January 2010 03:33:45 UTC

This archive was generated by hypermail 2.4.0 : Thursday, 2 February 2023 18:43:21 UTC