[whatwg] Solving the login/logout problem in HTML
Ian Hickson
ian at hixie.ch
Wed Nov 26 02:58:54 PST 2008
On Wed, 26 Nov 2008, Julian Reschke wrote:
>
> Ian Hickson wrote:
> > > A simple way to achieve it would be to restrict it to username/password
> > > pairs, and to have the names of these form parameters live in the response
> > > headers as well.
> >
> > We would have to, at a minimum, include the name of the username field, the
> > name of the password field, and the URL of the form to POST to. I am very
> > wary of duplicating information that is already available as it tends to
> > become out of date and thus ends up being even more of a pain than if the
> > information isn't there in the first place.
>
> I would expect that information to be autogenerated.
I would be very surprised if it was. If it turns out to be widely
autogenerated, then I'd be happy to add features to help with that.
> Anyway, if it's out of sync, authentication is not going to work, so it
> should be noticed quickly.
On the contrary, authentication is going to work fine for 99% of users and
it's only when a lone user tries using a bot that it'll break.
--
Ian Hickson U+1047E )\._.,--....,'``. fL
http://ln.hixie.ch/ U+263A /, _.. \ _\ ;`._ ,.
Things that are impossible just take longer. `._.-(,_..'--(,_..'`-.;.'
More information about the whatwg
mailing list