[whatwg] Solving the login/logout problem in HTML
julian.reschke at gmx.de
Tue Nov 25 13:05:51 PST 2008
Ian Hickson wrote:
>> I didn't yet have time to look into this in detail, but it currently
>> seems to require the UA to still parse the HTML page. Wouldn't it be
>> better of the *headers* of the response (such as WW-Authenticate, Link,
>> ...) would contain sufficient information to perform the login without
>> having to do that; such as a URI to POST to, plus the parameter names
>> for user name and password?
> The problem is that you'd basically have to duplicate the entire form,
> since login forms can be arbitrarily complex. If the bot has the username
> and password, why not also give it the username field name, password field
> name, and login script url? Just consider them part of the credentials.
That works in theory, but doesn't scale.
For instance, we've been working on a search engine that scan internet
sites that may require authentication. Configuring that login for each
site would be a maintenance nightmare.
So, on the other hand, if the login form is more complex than username +
password, what is a bot supposed to do with it?
More information about the whatwg