- From: Hallvord Reiar Michaelsen Steen <hallvord@hallvord.com>
- Date: Wed, 15 Jun 2005 02:02:02 +0200
On 14 Jun 2005 at 0:07, Charles Iliya Krempeaux wrote: > Yeah, I guess that's all you really need. For HTTP authentication, it probably is. But I was also looking for a generic way to let the UA know when a page is a part of a "session" whether that session is established with forms login or authenticate headers. For authenticate of course the UA does know when it sent the authentication headers, and with your suggestion below it can also learn when the server considers the session closed. With a forms login, you would need to apply very uncertain logistics to tell if something was part of a session (something like "user has posted a form with a password to this site earlier and the site has not deleted all its cookies since then"?). I sort of liked LINK rel="logout" .. :) > Perhaps if a new HTTP "status code" was created, to signify the > "logout", then that would work. So, for example: > > #1: The user clicks a logout button. > #2: This POSTs the form. > #3: This causes the server to "clean up" and return the new HTTP > "status code" that signify "logged out". > #4: The client receives this new HTTP "status code" and "clears" > the HTTP Authentication info it has. Would be great. :-) Hope you take this forward to the IETF.. -- Hallvord Reiar Michaelsen Steen http://www.hallvord.com/
Received on Tuesday, 14 June 2005 17:02:02 UTC