[whatwg] Solving the login/logout problem in HTML

Thomas Broyer wrote:
> I don't really mind, as long as the server is able to say "I give you
> this thing to you anonymous user, but you can also authenticate (e.g.
> to be proposed more features)". This is the exact use-case many web
> site (including most if not all e-commerce web sites) are facing, and
> it'd be cool that it could be dealt with at the HTTP level.

Yes, I agree that this is a valid use case. I think "Vary: 
Authentication" is sufficient for a client to detect that authenticating 
will indeed have an effect.

What else do we need?

> ...
>> The interesting question is whether we can retroactively specify it for 200
>> responses without breaking existing servers.
> ...and clients (and intermediaries, but you might have included them
> in "servers")

I was thinking "sites" (when I said "servers"), which would include all 
parties involved.


BR, Julian

Received on Thursday, 27 November 2008 08:56:21 UTC