- From: Julian Reschke <julian.reschke@gmx.de>
- Date: Wed, 22 Feb 2012 12:47:55 +0100
- To: Willy Tarreau <w@1wt.eu>
- CC: Robert Collins <robertc@squid-cache.org>, Barry Leiba <barryleiba@computer.org>, Stephen Farrell <stephen.farrell@cs.tcd.ie>, "ietf-http-wg@w3.org" <ietf-http-wg@w3.org>
On 2012-02-22 12:16, Willy Tarreau wrote: > ... > There's nothing wrong, but I've never seen a browser suggest to logout/relog > upon a 403. Also, since browsers don't offer the possibility to logout in > general, it's hard to suggest that this possibility should be specifically > offered upon 403. In fact it's the global authentication/authorization > mechanism that should be cleaned up in 2.0 and I don't think it's too hard, > we just have to clearly state that we might break *some* of the 1.1 assumptions. > ... If browsers had an API for logging off, servers could send a 403 response page *doing* the log off. Wouldn't that be sufficient? Best regards, Julian
Received on Wednesday, 22 February 2012 11:48:41 UTC