[Cryptography] Basic auth a bit too basic
Peter Gutmann
pgut001 at cs.auckland.ac.nz
Mon Feb 8 04:21:09 EST 2016

John Levine <johnl at iecc.com> writes:

>It would be technically straightforward for browsers to have a logout button
>that forgets the auth credentials for the current page, or to invent an HTML
>meta tag that tells browsers to forget auth credentials for the current page's
>domain (give or take the same cross-domain issues with cookies.)

That doesn't really help though because it doesn't provide a means for the
site and the client to agree to end the authenticated session. That's what a
lot of the hacks on Stackexchange try and do, but they remain just... hacks.

Peter.