[Pdx-pm] kwiki and TypeKey - spammed again!

chromatic chromatic at wgz.org
Mon Apr 16 16:22:10 PDT 2007

On Monday 16 April 2007 16:11, Eric Wilhelm wrote:

> 1.  How does the *browser* log out in any other scheme?

You send a cookie to delete or overwrite the logged in cookie, or send a URL 
without a session identifier.

Presumably the browser does the right thing.  Many, in fact, do.

Unfortunately, you can't send a 401 header and trust that *any* browser will 
forget authentication.

> 2.  Who said identity and trust had anything to do with authentication?

I did.  Unauthenticated identities are difficult to trust.

-- c

More information about the Pdx-pm-list mailing list