W3C home > Mailing lists > Public > whatwg@whatwg.org > June 2005

[whatwg] suggestion: LINK element for session termination

From: Charles Iliya Krempeaux <supercanadian@gmail.com>
Date: Tue, 14 Jun 2005 00:07:04 -0700
Message-ID: <84ce626f050614000715d7fb04@mail.gmail.com>
Hello,

On 6/13/05, S. Mike Dierken <mdierken at hotmail.com> wrote:
> 
> > >  - HTTP doesn't have sessions, that's a fiction that server authors
> created
> > Sorry.  You are quite correct.  I've been sloppy with my language.
> > (Hopefully I'll get it correct this time :-)  )
> I was being overly pedantic, sorry. Bad habit. I knew what you meant...
> 
> 
> > So you want some standard "hand shake" for logging off.  I.e.,
> >
> >     #1: The client sends a "log me out" message to the server.
> >     #2: The server receives the "log me out" message and "cleans up".
> >     #3: The server sends a "you are logged out" message to the client.
> >     #4: The client clears the "HTTP Authenication" data.
> >
> > Is that something along the lines of what you are suggesting?
> Actually, I don't want #1 or #2 to be standard (the existing POST method
> would work), I would like #3/#4 to be provided by the protocol.
> As you mentioned earlier, the client could provide a 'clear authentication'
> button or an extension to HTML forms, and although that would work, it
> doesn't give quite the kind of control web page developers would want (where
> to redirect the user, what the result page looks like, a chance to notify
> the server, etc). I like the ability for the server to participate in
> login/logout activity.

Yeah, I guess that's all you really need.

Perhaps if a new HTTP "status code" was created, to signify the
"logout", then that would work.  So, for example:

    #1: The user clicks a logout button.
    #2: This POSTs the form.
    #3: This causes the server to "clean up" and return the new HTTP
"status code" that signify "logged out".
    #4: The client receives this new HTTP "status code" and "clears"
the HTTP Authentication info it has.

> > Maybe we need a standard for this.
> I think we do - if this is an appropriate approach. It's a general
> capability that would apply to many web apps, many servers and many clients
> (desktop browsers, handhelds, phones, etc).

How's the one I suggested above?


See ya

-- 
     Charles Iliya Krempeaux, B.Sc.

     charles @ reptile.ca
     supercanadian @ gmail.com

     developer weblog: http://ChangeLog.ca/
___________________________________________________________________________
 Ask the toughest Linux System questions at...   http://linuxmanagers.org/
Received on Tuesday, 14 June 2005 00:07:04 UTC

This archive was generated by hypermail 2.4.0 : Wednesday, 22 January 2020 16:58:41 UTC