[whatwg] Session Management

Dave Kok updates at davekok.net
Thu Mar 3 01:44:03 PST 2011


Op 02-03-11 22:11:48 schreef Roger Hågensen:
>Method #3:
>The server (or serverside script, like PHP or similar) sends the 
>following to the browser:
>     header('HTTP/1.0 401 Unauthorized');
>     header('WWW-Authenticate: Close realm="My Realm"');
>     *PS! the auth stuff is much longer here obviously, this was just
>     to show the use of "Close"*
>
>Note:
>If Method 1 or 2 is used the browser should probably send the 
>following
>
>to the server:
>     GET /private/index.html HTTP/1.1
>     Authorization: Close username="something"
>     *PS! the auth stuff is much longer here obviously, this was just
>     to show the use of "Close"*
>

May I point out that the HTTP is outside the scope of the HTML5 spec. 
Also the HTTP is stateless. This requires both parties keep state which 
breaks the statelessness property of the HTTP. I, for one, prefer to 
preserve the statelessness property of HTTP.



More information about the whatwg mailing list