- From: Matthew Thomas <mpt@myrealbox.com>
- Date: Fri, 17 Dec 2004 17:45:48 +1300
On 17 Dec, 2004, at 3:33 PM, Ian Hickson wrote: > ... > On Fri, 17 Dec 2004, Matthew Thomas wrote: > ... >> Perhaps a more consistent, and more backward-compatible, approach >> would be to fill those gaps in HTTP authentication that currently >> cause site designers to use other schemes (such as a destination URI >> for an optional "I Forgot My Password" button). > > The thing missing from HTTP auth is that you can go to a site (without > authenticating), then when you want to, enter your name and password, > and show the same page, with customised information, and later return > to that same URI, and be already logged in. > ... I don't think that's missing -- it's already possible in every popular browser except Safari. In their HTTP authentication alerts, Safari treats "Cancel" as "Stop", but other browsers treat "Cancel" as "Continue Without Logging In". In many sites this displays an error page, but it needn't; it could instead display the non-logged-in version of the site. Future browsers could, instead of displaying an alert for HTTP authentication, provide the authentication UI in a panel at the top of the non-authenticated page (fixing annoying modality issues in the process). That wouldn't require any change to HTTP authentication either. -- Matthew Thomas http://mpt.net.nz/
Received on Thursday, 16 December 2004 20:45:48 UTC