Bil, I've taken your trick for log outs and combined it with a few other tricks to build a sample application which achieves login, logout, and password changes all without the traditional HTTP authentication prompt. Take a peek: http://www.vsecurity.com/download/tools/fbha-poc_0.1.zip It seems to work well in IE 6, 7, and 8, as well as Firefox, Chrome, and Safari. It still doesn't work in Opera, but I think that's a lost cause until the proposed W3C standard is adopted. That standard, if adopted, would also make this code a lot simpler for other browsers. I haven't tested it in other browsers, besides these top 5. In any case, I think it shows how this is possible even now with current browser limitations, but I still feel strongly that an HTTP-level log out mechanism is needed for those without JavaScript. thanks, timReceived on Thursday, 25 February 2010 16:07:27 UTC
This archive was generated by hypermail 2.4.0 : Thursday, 2 February 2023 18:43:21 UTC