- From: Charles Iliya Krempeaux <supercanadian@gmail.com>
- Date: Tue, 14 Jun 2005 00:07:04 -0700
Hello, On 6/13/05, S. Mike Dierken <mdierken at hotmail.com> wrote: > > > > - HTTP doesn't have sessions, that's a fiction that server authors > created > > Sorry. You are quite correct. I've been sloppy with my language. > > (Hopefully I'll get it correct this time :-) ) > I was being overly pedantic, sorry. Bad habit. I knew what you meant... > > > > So you want some standard "hand shake" for logging off. I.e., > > > > #1: The client sends a "log me out" message to the server. > > #2: The server receives the "log me out" message and "cleans up". > > #3: The server sends a "you are logged out" message to the client. > > #4: The client clears the "HTTP Authenication" data. > > > > Is that something along the lines of what you are suggesting? > Actually, I don't want #1 or #2 to be standard (the existing POST method > would work), I would like #3/#4 to be provided by the protocol. > As you mentioned earlier, the client could provide a 'clear authentication' > button or an extension to HTML forms, and although that would work, it > doesn't give quite the kind of control web page developers would want (where > to redirect the user, what the result page looks like, a chance to notify > the server, etc). I like the ability for the server to participate in > login/logout activity. Yeah, I guess that's all you really need. Perhaps if a new HTTP "status code" was created, to signify the "logout", then that would work. So, for example: #1: The user clicks a logout button. #2: This POSTs the form. #3: This causes the server to "clean up" and return the new HTTP "status code" that signify "logged out". #4: The client receives this new HTTP "status code" and "clears" the HTTP Authentication info it has. > > Maybe we need a standard for this. > I think we do - if this is an appropriate approach. It's a general > capability that would apply to many web apps, many servers and many clients > (desktop browsers, handhelds, phones, etc). How's the one I suggested above? See ya -- Charles Iliya Krempeaux, B.Sc. charles @ reptile.ca supercanadian @ gmail.com developer weblog: http://ChangeLog.ca/ ___________________________________________________________________________ Ask the toughest Linux System questions at... http://linuxmanagers.org/
Received on Tuesday, 14 June 2005 00:07:04 UTC