- From: Koen Holtman <koen@win.tue.nl>
- Date: Thu, 6 Feb 1997 18:16:16 +0100 (MET)
- To: kdyer@draper.com
- Cc: www-security@ns2.rutgers.edu, www-talk@w3.org
Kevin J. Dyer: [...] >This thread about allowing users to change their passwords via CGI/ Applets >can go on forever. I would like to hear from the community about the >possiblity >of expanding the 4xx codes in HTTP/1.1 to include the following: > > 416 Re-Validation requested > > The username was accepted but the password was challenged again or > the sysadmin expired the password, etc. > > The user agent would display a pop-up requesting two fields. Do you have in mind that this code should clear the password cache of the user agent, effectively ending the auhenticated session so that the user can walk away from the (public) web browser? A code for that would be useful. If you just want to make the password requestor pop up, sending a 401 will do that on most user agents. But if the user presses cancel on the pop-up, most user agents will keep on sending the old password. Koen.
Received on Thursday, 6 February 1997 12:18:48 UTC