W3C home > Mailing lists > Public > whatwg@whatwg.org > November 2008

[whatwg] Solving the login/logout problem in HTML

From: Julian Reschke <julian.reschke@gmx.de>
Date: Wed, 26 Nov 2008 13:10:01 +0100
Message-ID: <492D3C99.7040509@gmx.de>
Thomas Broyer wrote:
> ...
>> You can already handle the case of content that's available unauthenticated,
>> but would potentially differ in case of being authenticated by adding
>>
>>  Vary: Authorization
>>
>> to a response.
> 
> I seem to recall Roy T. Fielding arguing *against* that when we were
> discussing user-specific service documents in the Atom Protocol group.
> ...

It's not needed when the resource only allows authenticated access.

It *will* be necessary (or some other response header dealing with 
caching) if you mix both authenticated and anonymous access to the same 
resource.

BR, Julian
Received on Wednesday, 26 November 2008 04:10:01 UTC

This archive was generated by hypermail 2.4.0 : Wednesday, 22 January 2020 16:59:07 UTC