views:

608

answers:

4

Why isn't there a logout button? Why no list of "websites you're logged into"? Is it because of some issue with the HTTP specs?

Life would be much easier for web developers if they could actually rely on HTTP auth ...

+9  A: 

As far as HTTP is concerned, it is stateless. One of the main reasons why Internet is scalable.

Gulzar
Yes, state information should be kept by the browser, but they do it poorly
Egon
This is an interesting topic. Doesn't browser cache do that? I'm coming from the ASP.NET world, so I think in those terms. We got your viewstate, your sessionstate, your cache, your cookies.
MrBoJangles
well..you can use techniques like cookies and store all the information you want. the responsibility is on the application developer to maintain state and use it properly.
Gulzar
Wouldn't it be nice if the browsers were easier to work with? But the fact that HTTP is stateless sort of necessitates the workaroundishness of web programming.
MrBoJangles
+2  A: 

Have you entered a bug report for major browsers ? (At least, ones with bug trackers, Firefox, Chrome (Chromium) etc.

List of open HTTP Auth sessions would be useful.

hayalci
There's a ticket open since 2004 for Firefox, I don't know about the others
Egon
A: 

Because it's not the browser that "knows" it's logged in. It's the server which authenticates the browser on every request. Every server can have different authentication mechanism - using different names and content for the authentication cookies, basic authentication, etc.

Sunny
The question isn't about cookies, it's only basic authentication, which the browser most certainly does keep alive.
Jim Puls
Also, if you check here: http://www.httprevealer.com/article_basic_authentication.htm, it's still the server which authorizes the access, so the browser only knows that it was already asked, and what to provide on next request, but not if the server will still honor that.
Sunny
Jim, even with HTTP authentication methods, the browser does not know whether a user is logged in. All the browser has is the list of credentials for authenticating itself/the user to some websites. Credentials != logged in.
Alexander
+3  A: 

No technical reason. I suppose if anything, the auth UI is neglected because fewer and fewer web sites are still using HTTP Basic Authentication, trending more towards various cookie-related login schemes... precisely because the auth UI is so poor!

One could probably hack together a Firefox add-on to do it quite easily, which would be the quickest fix. (And the same goes for the other question with the poor file upload UI too.) I'd use it!

bobince
Yeah, that was my idea too ... I'm actually just trying to get someone to do it ;-)
Egon