[whatwg] connecting usernames and passwords

Matthew Thomas mpt at myrealbox.com
Thu Dec 16 20:45:48 PST 2004

On 17 Dec, 2004, at 3:33 PM, Ian Hickson wrote:
> ...
> On Fri, 17 Dec 2004, Matthew Thomas wrote:
> ...
>> Perhaps a more consistent, and more backward-compatible, approach 
>> would be to fill those gaps in HTTP authentication that currently 
>> cause site designers to use other schemes (such as a destination URI 
>> for an optional "I Forgot My Password" button).
> The thing missing from HTTP auth is that you can go to a site (without
> authenticating), then when you want to, enter your name and password, 
> and show the same page, with customised information, and later return 
> to that same URI, and be already logged in.
> ...

I don't think that's missing -- it's already possible in every popular 
browser except Safari. In their HTTP authentication alerts, Safari 
treats "Cancel" as "Stop", but other browsers treat "Cancel" as 
"Continue Without Logging In". In many sites this displays an error 
page, but it needn't; it could instead display the non-logged-in 
version of the site.

Future browsers could, instead of displaying an alert for HTTP 
authentication, provide the authentication UI in a panel at the top of 
the non-authenticated page (fixing annoying modality issues in the 
process). That wouldn't require any change to HTTP authentication 

Matthew Thomas

More information about the whatwg mailing list