Why isn't there a logout button? Why no list of "websites you're logged into"? Is it because of some issue with the HTTP specs?
Life would be much easier for web developers if they could actually rely on HTTP auth ...
+9
A:
As far as HTTP is concerned, it is stateless. One of the main reasons why Internet is scalable.
Gulzar
2008-10-24 21:31:59
Yes, state information should be kept by the browser, but they do it poorly
Egon
2008-10-24 21:36:42
This is an interesting topic. Doesn't browser cache do that? I'm coming from the ASP.NET world, so I think in those terms. We got your viewstate, your sessionstate, your cache, your cookies.
MrBoJangles
2008-10-24 21:39:22
well..you can use techniques like cookies and store all the information you want. the responsibility is on the application developer to maintain state and use it properly.
Gulzar
2008-10-24 21:39:23
Wouldn't it be nice if the browsers were easier to work with? But the fact that HTTP is stateless sort of necessitates the workaroundishness of web programming.
MrBoJangles
2008-10-24 21:41:24
+2
A:
Have you entered a bug report for major browsers ? (At least, ones with bug trackers, Firefox, Chrome (Chromium) etc.
List of open HTTP Auth sessions would be useful.
hayalci
2008-10-24 22:04:30
There's a ticket open since 2004 for Firefox, I don't know about the others
Egon
2008-10-24 22:22:21
A:
Because it's not the browser that "knows" it's logged in. It's the server which authenticates the browser on every request. Every server can have different authentication mechanism - using different names and content for the authentication cookies, basic authentication, etc.
Sunny
2008-10-24 22:17:09
The question isn't about cookies, it's only basic authentication, which the browser most certainly does keep alive.
Jim Puls
2008-10-24 22:21:05
Also, if you check here: http://www.httprevealer.com/article_basic_authentication.htm, it's still the server which authorizes the access, so the browser only knows that it was already asked, and what to provide on next request, but not if the server will still honor that.
Sunny
2008-10-24 22:28:02
Jim, even with HTTP authentication methods, the browser does not know whether a user is logged in. All the browser has is the list of credentials for authenticating itself/the user to some websites. Credentials != logged in.
Alexander
2008-10-25 10:41:12
+3
A:
No technical reason. I suppose if anything, the auth UI is neglected because fewer and fewer web sites are still using HTTP Basic Authentication, trending more towards various cookie-related login schemes... precisely because the auth UI is so poor!
One could probably hack together a Firefox add-on to do it quite easily, which would be the quickest fix. (And the same goes for the other question with the poor file upload UI too.) I'd use it!
bobince
2008-10-24 22:20:00
Yeah, that was my idea too ... I'm actually just trying to get someone to do it ;-)
Egon
2008-10-24 22:24:37