[whatwg] Solving the login/logout problem in HTML
Julian Reschke
julian.reschke at gmx.de
Wed Nov 26 04:10:01 PST 2008
Thomas Broyer wrote:
> ...
>> You can already handle the case of content that's available unauthenticated,
>> but would potentially differ in case of being authenticated by adding
>>
>> Vary: Authorization
>>
>> to a response.
>
> I seem to recall Roy T. Fielding arguing *against* that when we were
> discussing user-specific service documents in the Atom Protocol group.
> ...
It's not needed when the resource only allows authenticated access.
It *will* be necessary (or some other response header dealing with
caching) if you mix both authenticated and anonymous access to the same
resource.
BR, Julian
More information about the whatwg
mailing list