- From: S. Mike Dierken <mdierken@hotmail.com>
- Date: Tue, 14 Jun 2005 00:59:28 -0700
> Yeah, I guess that's all you really need. > Perhaps if a new HTTP "status code" was created, to signify the > "logout", then that would work. So, for example: > > #1: The user clicks a logout button. > #2: This POSTs the form. > #3: This causes the server to "clean up" and return the new HTTP > "status code" that signify "logged out". > #4: The client receives this new HTTP "status code" and "clears" > the HTTP Authentication info it has. > How's the one I suggested above? Not sure if a status code or a reply header is more appropriate. The www-authenticate header indicates access to the resource requires authentication. Perhaps a header of www-unauthenticate could be created to do the inverse? In any case, the protocol work would need to be taken to IETF or some other body, likely after a working example of a browser & server was created somewhere. The server example might be as simple as a PHP page that returned that response header.
Received on Tuesday, 14 June 2005 00:59:28 UTC