[whatwg] suggestion: LINK element for session termination

Charles Iliya Krempeaux supercanadian at gmail.com
Mon Jun 13 12:32:29 PDT 2005


Having a way to "logout" the user from an HTTP authentication session
is very desirable.

The only reason I use "cookie" based authentication is because there
is no way (that I know of) to log the user out of an "HTTP
authentication session".  (Once they are logged in, they are always
logged in.)  (Although, really, there are some "hacks".  But those
hacks have usability issues.)

See ya

On 6/13/05, Hallvord R M Steen <hallvors at gmail.com> wrote:
> Regarding the following point from the "wishlist" of the specification:
> > Better defined user authentication state handling.
> > (Being able to "log out" of sites reliably, for instance,
> > or being able to integrate the HTTP authentication
> > model into the Web page.)
> It would be nice if the UA could have a unified "logged in" interface
> for both HTTP authentication and form login.
> I suggest a new LINK rel definition:
> <LINK rel="logout" href="/logout.cgi" />
> The presence of this tag indicates to the UA that the server considers
> the page a part of an authenticated session. This tag can be used by
> the UA for having a "logged in" indication and a "log out" feature in
> its UI.
> It might also be used by the UA to (optionally) automatically log out
> when the user closes the window or the application.
> Perhaps we want to add rel="login" too?
> --
> Hallvord R. M. Steen

     Charles Iliya Krempeaux, B.Sc.

     charles @ reptile.ca
     supercanadian @ gmail.com

     developer weblog: http://ChangeLog.ca/
 Ask the toughest Linux System questions at...   http://linuxmanagers.org/

More information about the whatwg mailing list