- From: S. Mike Dierken <mdierken@hotmail.com>
- Date: Mon, 13 Jun 2005 23:10:07 -0700
> > - HTTP doesn't have sessions, that's a fiction that server authors created > Sorry. You are quite correct. I've been sloppy with my language. > (Hopefully I'll get it correct this time :-) ) I was being overly pedantic, sorry. Bad habit. I knew what you meant... > So you want some standard "hand shake" for logging off. I.e., > > #1: The client sends a "log me out" message to the server. > #2: The server receives the "log me out" message and "cleans up". > #3: The server sends a "you are logged out" message to the client. > #4: The client clears the "HTTP Authenication" data. > > Is that something along the lines of what you are suggesting? Actually, I don't want #1 or #2 to be standard (the existing POST method would work), I would like #3/#4 to be provided by the protocol. As you mentioned earlier, the client could provide a 'clear authentication' button or an extension to HTML forms, and although that would work, it doesn't give quite the kind of control web page developers would want (where to redirect the user, what the result page looks like, a chance to notify the server, etc). I like the ability for the server to participate in login/logout activity. > Maybe we need a standard for this. I think we do - if this is an appropriate approach. It's a general capability that would apply to many web apps, many servers and many clients (desktop browsers, handhelds, phones, etc).
Received on Monday, 13 June 2005 23:10:07 UTC