[whatwg] suggestion: LINK element for session termination

Hallvord Reiar Michaelsen Steen hallvord at hallvord.com
Tue Jun 14 17:02:02 PDT 2005

On 14 Jun 2005 at 0:07, Charles Iliya Krempeaux wrote:

> Yeah, I guess that's all you really need.

For HTTP authentication, it probably is. But I was also looking for a 
generic way to let the UA know when a page is a part of a "session" 
whether that session is established with forms login or authenticate 

For authenticate of course the UA does know when it sent the 
authentication headers, and with your suggestion below it can also 
learn when the server considers the session closed. With a forms 
login, you would need to apply very uncertain logistics to tell if 
something was part of a session (something like "user has posted a 
form with a password to this site earlier and the site has not 
deleted all its cookies since then"?). I sort of liked LINK 
rel="logout" .. :)

> Perhaps if a new HTTP "status code" was created, to signify the
> "logout", then that would work.  So, for example:
>     #1: The user clicks a logout button.
>     #2: This POSTs the form.
>     #3: This causes the server to "clean up" and return the new HTTP
> "status code" that signify "logged out".
>     #4: The client receives this new HTTP "status code" and "clears"
> the HTTP Authentication info it has.

Would be great. :-) Hope you take this forward to the IETF..
Hallvord Reiar Michaelsen Steen

More information about the whatwg mailing list