[Pdx-pm] kwiki and TypeKey - spammed again!
chromatic
chromatic at wgz.org
Mon Apr 16 16:22:10 PDT 2007
On Monday 16 April 2007 16:11, Eric Wilhelm wrote:
> 1. How does the *browser* log out in any other scheme?
You send a cookie to delete or overwrite the logged in cookie, or send a URL
without a session identifier.
Presumably the browser does the right thing. Many, in fact, do.
Unfortunately, you can't send a 401 header and trust that *any* browser will
forget authentication.
> 2. Who said identity and trust had anything to do with authentication?
I did. Unauthenticated identities are difficult to trust.
-- c
More information about the Pdx-pm-list
mailing list