W3C home > Mailing lists > Public > whatwg@whatwg.org > June 2005

[whatwg] suggestion: LINK element for session termination

From: Hallvord Reiar Michaelsen Steen <hallvord@hallvord.com>
Date: Wed, 15 Jun 2005 02:02:02 +0200
Message-ID: <42AF8C1A.12077.5EFD81@localhost>
On 14 Jun 2005 at 0:07, Charles Iliya Krempeaux wrote:

> Yeah, I guess that's all you really need.

For HTTP authentication, it probably is. But I was also looking for a 
generic way to let the UA know when a page is a part of a "session" 
whether that session is established with forms login or authenticate 
headers.

For authenticate of course the UA does know when it sent the 
authentication headers, and with your suggestion below it can also 
learn when the server considers the session closed. With a forms 
login, you would need to apply very uncertain logistics to tell if 
something was part of a session (something like "user has posted a 
form with a password to this site earlier and the site has not 
deleted all its cookies since then"?). I sort of liked LINK 
rel="logout" .. :)

> Perhaps if a new HTTP "status code" was created, to signify the
> "logout", then that would work.  So, for example:
> 
>     #1: The user clicks a logout button.
>     #2: This POSTs the form.
>     #3: This causes the server to "clean up" and return the new HTTP
> "status code" that signify "logged out".
>     #4: The client receives this new HTTP "status code" and "clears"
> the HTTP Authentication info it has.

Would be great. :-) Hope you take this forward to the IETF..
-- 
Hallvord Reiar Michaelsen Steen
http://www.hallvord.com/
Received on Tuesday, 14 June 2005 17:02:02 UTC

This archive was generated by hypermail 2.4.0 : Wednesday, 22 January 2020 16:58:41 UTC