W3C home > Mailing lists > Public > ietf-http-wg@w3.org > April to June 2021

WWW-Authenticate proposal: timeout flag

From: Soni L. <fakedme+http@gmail.com>
Date: Thu, 29 Apr 2021 17:24:54 -0300
To: HTTP Working Group <ietf-http-wg@w3.org>
Message-ID: <11cedf9c-add4-d38c-8761-2ad4498caa47@gmail.com>
We'd like to be able to specify a timeout value for WWW-Authenticate, in
particular `timeout=0` so the HTTP authentication can be converted into
session cookies rather than sending the password in plaintext (sure, it
gets sent over TLS, but that doesn't matter) on every request. Would
anyone be interested in such proposal?
Received on Thursday, 29 April 2021 20:25:12 UTC

This archive was generated by hypermail 2.4.0 : Thursday, 29 April 2021 20:25:13 UTC