- From: Ian Hickson <ian@hixie.ch>
- Date: Fri, 17 Dec 2004 02:33:10 +0000 (UTC)
On Fri, 17 Dec 2004, Matthew Thomas wrote: > > But UAs already have to provide their own UI for HTTP authentication. > Adding the ability to do such authentication with forms would make the > user experience less consistent, because the interface on each site > would be different. > > Perhaps a more consistent, and more backward-compatible, approach would > be to fill those gaps in HTTP authentication that currently cause site > designers to use other schemes (such as a destination URI for an > optional "I Forgot My Password" button). The thing missing from HTTP auth is that you can go to a site (without authenticating), then when you want to, enter your name and password, and show the same page, with customised information, and later return to that same URI, and be already logged in. Basically, have everything work without a separate login step that is outside the page (and not under the control of the author). -- Ian Hickson U+1047E )\._.,--....,'``. fL http://ln.hixie.ch/ U+263A /, _.. \ _\ ;`._ ,. Things that are impossible just take longer. `._.-(,_..'--(,_..'`-.;.'
Received on Thursday, 16 December 2004 18:33:10 UTC