W3C home > Mailing lists > Public > whatwg@whatwg.org > March 2011

[whatwg] Session Management

From: Dave Kok <updates@davekok.net>
Date: Thu, 03 Mar 2011 10:44:03 +0100
Message-ID: <1299145443.2352.1@davekok>
Op 02-03-11 22:11:48 schreef Roger H?gensen:
>Method #3:
>The server (or serverside script, like PHP or similar) sends the 
>following to the browser:
>     header('HTTP/1.0 401 Unauthorized');
>     header('WWW-Authenticate: Close realm="My Realm"');
>     *PS! the auth stuff is much longer here obviously, this was just
>     to show the use of "Close"*
>
>Note:
>If Method 1 or 2 is used the browser should probably send the 
>following
>
>to the server:
>     GET /private/index.html HTTP/1.1
>     Authorization: Close username="something"
>     *PS! the auth stuff is much longer here obviously, this was just
>     to show the use of "Close"*
>

May I point out that the HTTP is outside the scope of the HTML5 spec. 
Also the HTTP is stateless. This requires both parties keep state which 
breaks the statelessness property of the HTTP. I, for one, prefer to 
preserve the statelessness property of HTTP.
Received on Thursday, 3 March 2011 01:44:03 UTC

This archive was generated by hypermail 2.4.0 : Wednesday, 22 January 2020 16:59:31 UTC