- From: Julian Reschke <julian.reschke@gmx.de>
- Date: Thu, 27 Nov 2008 17:56:21 +0100
Thomas Broyer wrote: > I don't really mind, as long as the server is able to say "I give you > this thing to you anonymous user, but you can also authenticate (e.g. > to be proposed more features)". This is the exact use-case many web > site (including most if not all e-commerce web sites) are facing, and > it'd be cool that it could be dealt with at the HTTP level. Yes, I agree that this is a valid use case. I think "Vary: Authentication" is sufficient for a client to detect that authenticating will indeed have an effect. What else do we need? > ... >> The interesting question is whether we can retroactively specify it for 200 >> responses without breaking existing servers. > > ...and clients (and intermediaries, but you might have included them > in "servers") I was thinking "sites" (when I said "servers"), which would include all parties involved. Indeed. BR, Julian
Received on Thursday, 27 November 2008 08:56:21 UTC