- From: Charles Iliya Krempeaux <supercanadian@gmail.com>
- Date: Mon, 13 Jun 2005 12:32:29 -0700
Hello, Having a way to "logout" the user from an HTTP authentication session is very desirable. The only reason I use "cookie" based authentication is because there is no way (that I know of) to log the user out of an "HTTP authentication session". (Once they are logged in, they are always logged in.) (Although, really, there are some "hacks". But those hacks have usability issues.) See ya On 6/13/05, Hallvord R M Steen <hallvors at gmail.com> wrote: > Regarding the following point from the "wishlist" of the specification: > > > Better defined user authentication state handling. > > (Being able to "log out" of sites reliably, for instance, > > or being able to integrate the HTTP authentication > > model into the Web page.) > > It would be nice if the UA could have a unified "logged in" interface > for both HTTP authentication and form login. > > I suggest a new LINK rel definition: > > <LINK rel="logout" href="/logout.cgi" /> > > The presence of this tag indicates to the UA that the server considers > the page a part of an authenticated session. This tag can be used by > the UA for having a "logged in" indication and a "log out" feature in > its UI. > It might also be used by the UA to (optionally) automatically log out > when the user closes the window or the application. > > Perhaps we want to add rel="login" too? > -- > Hallvord R. M. Steen > -- Charles Iliya Krempeaux, B.Sc. charles @ reptile.ca supercanadian @ gmail.com developer weblog: http://ChangeLog.ca/ ___________________________________________________________________________ Ask the toughest Linux System questions at... http://linuxmanagers.org/
Received on Monday, 13 June 2005 12:32:29 UTC