[whatwg] connecting usernames and passwords
mpt at myrealbox.com
Thu Dec 16 20:45:48 PST 2004
On 17 Dec, 2004, at 3:33 PM, Ian Hickson wrote:
> On Fri, 17 Dec 2004, Matthew Thomas wrote:
>> Perhaps a more consistent, and more backward-compatible, approach
>> would be to fill those gaps in HTTP authentication that currently
>> cause site designers to use other schemes (such as a destination URI
>> for an optional "I Forgot My Password" button).
> The thing missing from HTTP auth is that you can go to a site (without
> authenticating), then when you want to, enter your name and password,
> and show the same page, with customised information, and later return
> to that same URI, and be already logged in.
I don't think that's missing -- it's already possible in every popular
browser except Safari. In their HTTP authentication alerts, Safari
treats "Cancel" as "Stop", but other browsers treat "Cancel" as
"Continue Without Logging In". In many sites this displays an error
page, but it needn't; it could instead display the non-logged-in
version of the site.
Future browsers could, instead of displaying an alert for HTTP
authentication, provide the authentication UI in a panel at the top of
the non-authenticated page (fixing annoying modality issues in the
process). That wouldn't require any change to HTTP authentication
More information about the whatwg