Re: Logout

• Messages sorted by: [ date ][ thread ][ subject ][ author ]
• Next message: Douglas Sims: "Re: Logout"
• Previous message: Erik Aronesty: "Logout"
• Maybe in reply to: Erik Aronesty: "Logout"
• Next in thread: Douglas Sims: "Re: Logout"

"Erik Aronesty" <erik@primedata.org> wrote:
  > 
  > Dear Sirs,
  > 
  > Is it required that user agents have a mechanism for expiring or forgetting
  > the passwords that are used to access HTTP servers?  IE: a "logout" button
  > for HTTP built-in authentication.
  > 
  > I imagine that this is the sort of requirement that HTTP people think that
  > this should be in the HTML group - and vice-versa.
  > 
  > However it is an embarrassing oversight in modern browsers.

<sigh>

You have touched on one of *my* hot buttons.  I have argued for such a
thing for, oh, about six years.  Obviously without success.  As you
guess, it's not an HTTP issue, having nothing really to do with the
*protocol*.  But it's also not an HTML issue, having nothing to do with
the content of pages.  Rather it's a user interface issue, and thus at
the discretion of the browser vendors.  And, for whatever reason, they
have never been interested in providing a way to discard passwords,
except to exit the browser.

I can think of two situations where such a feature would be *really*
handy:

1) When I'm trying to debug server-side authentication code, and I want
to force the browser I'm using to forget its passwords.

2) In an environment where machines are shared (college computer lab,
public library, Internet cafe), and I want to discard the passwords
I've entered before I leave the machine.

Similar reasoning would recommend a feature to discard all cookies, as
well, but that's another topic entirely. :-)

Dave Kristol

• Next message: Douglas Sims: "Re: Logout"
• Previous message: Erik Aronesty: "Logout"
• Maybe in reply to: Erik Aronesty: "Logout"
• Next in thread: Douglas Sims: "Re: Logout"