[whatwg] suggestion: LINK element for session termination

[S. Mike Dierken]

> >  - HTTP doesn't have sessions, that's a fiction that server authors
created
> Sorry.  You are quite correct.  I've been sloppy with my language.
> (Hopefully I'll get it correct this time :-)  )
I was being overly pedantic, sorry. Bad habit. I knew what you meant...


> So you want some standard "hand shake" for logging off.  I.e.,
>
>     #1: The client sends a "log me out" message to the server.
>     #2: The server receives the "log me out" message and "cleans up".
>     #3: The server sends a "you are logged out" message to the client.
>     #4: The client clears the "HTTP Authenication" data.
>
> Is that something along the lines of what you are suggesting?
Actually, I don't want #1 or #2 to be standard (the existing POST method
would work), I would like #3/#4 to be provided by the protocol.
As you mentioned earlier, the client could provide a 'clear authentication'
button or an extension to HTML forms, and although that would work, it
doesn't give quite the kind of control web page developers would want (where
to redirect the user, what the result page looks like, a chance to notify
the server, etc). I like the ability for the server to participate in
login/logout activity.

> Maybe we need a standard for this.
I think we do - if this is an appropriate approach. It's a general
capability that would apply to many web apps, many servers and many clients
(desktop browsers, handhelds, phones, etc).