W3C home > Mailing lists > Public > whatwg@whatwg.org > November 2008

[whatwg] Solving the login/logout problem in HTML

From: Julian Reschke <julian.reschke@gmx.de>
Date: Tue, 25 Nov 2008 22:05:51 +0100
Message-ID: <492C68AF.2050302@gmx.de>
Ian Hickson wrote:
> ...
>> I didn't yet have time to look into this in detail, but it currently 
>> seems to require the UA to still parse the HTML page. Wouldn't it be 
>> better of the *headers* of the response (such as WW-Authenticate, Link, 
>> ...) would contain sufficient information to perform the login without 
>> having to do that; such as a URI to POST to, plus the parameter names 
>> for user name and password?
> 
> The problem is that you'd basically have to duplicate the entire form, 
> since login forms can be arbitrarily complex. If the bot has the username 
> and password, why not also give it the username field name, password field 
> name, and login script url? Just consider them part of the credentials.

That works in theory, but doesn't scale.

For instance, we've been working on a search engine that scan internet 
sites that may require authentication. Configuring that login for each 
site would be a maintenance nightmare.

So, on the other hand, if the login form is more complex than username + 
password, what is a bot supposed to do with it?

BR, Julian
Received on Tuesday, 25 November 2008 13:05:51 UTC

This archive was generated by hypermail 2.4.0 : Wednesday, 22 January 2020 16:59:07 UTC