RE: OT re HTTP auth disassocation of credentials

FWIW, IE6+ offers a script-accessible method for clearing the session-cached credentials, and both Chrome and Firefox have bugs filed to offer similar functionality. See the end of the post http://blogs.msdn.com/b/ieinternals/archive/2010/04/05/understanding-browser-session-lifetime.aspx

One interesting scenario Microsoft ran into here recently is that the new "Metro-style" version of our browser cannot be "closed" in the usual way (its lifetime is controlled automatically). We settled upon having the closure of the last tab (which simply replaces the old tab with a new default tab) clear the authentication cache and session cookies, even though the browser itself does not close.

-Eric

-----Original Message-----
From: ietf-http-wg-request@w3.org [mailto:ietf-http-wg-request@w3.org] On Behalf Of Bjoern Hoehrmann
Sent: Tuesday, September 20, 2011 3:52 AM
To: Karl Dubost
Cc: HTTP Working Group
Subject: Re: OT re HTTP auth disassocation of credentials

* Karl Dubost wrote:
>As much as I could see the benefit for it. I do not think this will fly 
>for browser vendors. They are all currently trying to simplify the UI 
>and minimize it.

I have argued for such a feature without success since the 1990s, but at the moment you have at least Mozilla working on putting the login/logout gizmos into the browser user interface. I am not saying what they are doing is any good, but they are doing something, and I doubt this taking up screen space is regarded as much of a problem there.
--
Björn Höhrmann · mailto:bjoern@hoehrmann.de · http://bjoern.hoehrmann.de Am Badedeich 7 · Telefon: +49(0)160/4415681 · http://www.bjoernsworld.de
25899 Dagebüll · PGP Pub. KeyID: 0xA4357E78 · http://www.websitedev.de/ 

Received on Wednesday, 21 September 2011 15:30:24 UTC