Should be compatible with commonly used HTTP authentication and session management mechanisms. I.e. on an IIS server where authentication and session management is generally done by the server before ASP pages execute this should be doable also for requests coming from cross-site requests. Same thing applies to PHP on Apache.
- ACTION-165: New wording for requirement 12 Jonas Sicking
- Re: ACTION-165: New wording for requirement 12 Anne van Kesteren
