W3C home > Mailing lists > Public > ietf-http-wg@w3.org > January to March 2010

Re: Past Proposals for HTTP Auth Logout

From: Tim <tim-projects@sentinelchicken.org>
Date: Thu, 25 Feb 2010 08:06:56 -0800
To: Bil Corry <bil@corry.biz>
Cc: ietf-http-wg@w3.org
Message-ID: <20100225160656.GX2153@sentinelchicken.org>

Bil,

I've taken your trick for log outs and combined it with a few other
tricks to build a sample application which achieves login, logout, and
password changes all without the traditional HTTP authentication
prompt.  Take a peek:

  http://www.vsecurity.com/download/tools/fbha-poc_0.1.zip

It seems to work well in IE 6, 7, and 8, as well as Firefox, Chrome,
and Safari.  It still doesn't work in Opera, but I think that's a lost
cause until the proposed W3C standard is adopted.  That standard, if
adopted, would also make this code a lot simpler for other browsers.
I haven't tested it in other browsers, besides these top 5.

In any case, I think it shows how this is possible even now with
current browser limitations, but I still feel strongly that an
HTTP-level log out mechanism is needed for those without JavaScript.

thanks,
tim
Received on Thursday, 25 February 2010 16:07:27 UTC

This archive was generated by hypermail 2.4.0 : Thursday, 2 February 2023 18:43:21 UTC