[whatwg] Session Management

Op 02-03-11 22:11:48 schreef Roger H?gensen:
>Method #3:
>The server (or serverside script, like PHP or similar) sends the 
>following to the browser:
>     header('HTTP/1.0 401 Unauthorized');
>     header('WWW-Authenticate: Close realm="My Realm"');
>     *PS! the auth stuff is much longer here obviously, this was just
>     to show the use of "Close"*
>
>Note:
>If Method 1 or 2 is used the browser should probably send the 
>following
>
>to the server:
>     GET /private/index.html HTTP/1.1
>     Authorization: Close username="something"
>     *PS! the auth stuff is much longer here obviously, this was just
>     to show the use of "Close"*
>

May I point out that the HTTP is outside the scope of the HTML5 spec. 
Also the HTTP is stateless. This requires both parties keep state which 
breaks the statelessness property of the HTTP. I, for one, prefer to 
preserve the statelessness property of HTTP.

Received on Thursday, 3 March 2011 01:44:03 UTC