[whatwg] Solving the login/logout problem in HTML

Ian Hickson ian at hixie.ch
Wed Nov 26 02:58:54 PST 2008


On Wed, 26 Nov 2008, Julian Reschke wrote:
>
> Ian Hickson wrote:
> > > A simple way to achieve it would be to restrict it to username/password
> > > pairs, and to have the names of these form parameters live in the response
> > > headers as well.
> > 
> > We would have to, at a minimum, include the name of the username field, the
> > name of the password field, and the URL of the form to POST to. I am very
> > wary of duplicating information that is already available as it tends to
> > become out of date and thus ends up being even more of a pain than if the
> > information isn't there in the first place.
> 
> I would expect that information to be autogenerated.

I would be very surprised if it was. If it turns out to be widely 
autogenerated, then I'd be happy to add features to help with that.


> Anyway, if it's out of sync, authentication is not going to work, so it 
> should be noticed quickly.

On the contrary, authentication is going to work fine for 99% of users and 
it's only when a lone user tries using a bot that it'll break.

-- 
Ian Hickson               U+1047E                )\._.,--....,'``.    fL
http://ln.hixie.ch/       U+263A                /,   _.. \   _\  ;`._ ,.
Things that are impossible just take longer.   `._.-(,_..'--(,_..'`-.;.'



More information about the whatwg mailing list