On 11/24/09 12:16 AM, Bil Corry wrote:
We eventually came up with the idea of using a "rel" extension[2] to specify a "logout" feature[3]; the browser pings the server when all related windows/tabs are closed.
I'm not sure if the "when all related windows/tabs are closed" part is interesting (eg, what to do when that happens because the browser crashed, or the browser doesn't support the rel extension?).
OTOH, there has been some brainstorming around how to improve identity and logins in general. Form-based password management is basically a hack, so it would be nice to have a more formal syntax to tell the browser how to login and logout from the site. We can (in theory) mostly do this with HTTP authentication, but logins based on forms and cookies are far more common.
Justin _______________________________________________ dev-security mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security
