[whatwg] Solving the login/logout problem in HTML

Julian Reschke julian.reschke at gmx.de
Tue Nov 25 13:05:51 PST 2008


Ian Hickson wrote:
> ...
>> I didn't yet have time to look into this in detail, but it currently 
>> seems to require the UA to still parse the HTML page. Wouldn't it be 
>> better of the *headers* of the response (such as WW-Authenticate, Link, 
>> ...) would contain sufficient information to perform the login without 
>> having to do that; such as a URI to POST to, plus the parameter names 
>> for user name and password?
> 
> The problem is that you'd basically have to duplicate the entire form, 
> since login forms can be arbitrarily complex. If the bot has the username 
> and password, why not also give it the username field name, password field 
> name, and login script url? Just consider them part of the credentials.

That works in theory, but doesn't scale.

For instance, we've been working on a search engine that scan internet 
sites that may require authentication. Configuring that login for each 
site would be a maintenance nightmare.

So, on the other hand, if the login form is more complex than username + 
password, what is a bot supposed to do with it?

BR, Julian





More information about the whatwg mailing list