Justin Dolske wrote on 11/24/2009 10:33 PM: > On 11/24/09 12:16 AM, Bil Corry wrote: >> We eventually came up with the idea of using a "rel" extension[2] to >> specify a "logout" feature[3]; the browser pings the server when all >> related windows/tabs are closed. > > I'm not sure if the "when all related windows/tabs are closed" part is > interesting (eg, what to do when that happens because the browser > crashed, or the browser doesn't support the rel extension?).
Yes, the fallback method would be a session expiration of some kind. > OTOH, there has been some brainstorming around how to improve identity > and logins in general. Form-based password management is basically a > hack, so it would be nice to have a more formal syntax to tell the > browser how to login and logout from the site. We can (in theory) mostly > do this with HTTP authentication, but logins based on forms and cookies > are far more common. It may be this problem is better solved by a group working on new UA authentication methods. - Bil _______________________________________________ dev-security mailing list dev-security@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security