Beefy Boxes and Bandwidth Generously Provided by pair Networks
Problems? Is your data what you think it is?

comment on

( #3333=superdoc: print w/replies, xml ) Need Help??

I'm not sure I understand this bit

When you determine that the client should stop using the credentials/session key, the server can tell the client to delete the cookie. Letting users "log out" is a notoriously impossible-to-solve problem of AuthBasic.

Isn't the usual reason a server decides to 'log a client off' because of session timout after 20 mins or so? This normally occurs when they have simply moved on to another site or disconnected without informing the server they are doing so... in which case, there is not client to send the instruction to delete the cookie.

Also, how does the server 'tell the client'? I know there is such a thing as 'server push', but I didn't think this had ever made much of an impact. Besides...

The other way the timeout can occur is if the user is reading something long. If I was doing this and the server suddenly decided to 'send' me a 'your logged off' page, I don't think I would use that site again in a hurry.

I think anything that relies on cookies is gonna limit your audience severely, and more so as new users become aware of the potential for misuse of cookies. The latest browsers that allow cookie control on a site-by-site basis mitigate this problem somewhat, but that requires users knowledgable to distinguish between sites they can trust and those they cannot. Unfortunately, things like the Trust-E symbol aren't worth the band-width that it takes to transmit them, as very little verification is done. ANd what verification is done, is done against the site "privacy policy", which invariably can be paraphrased as:


{20k omitted}...of course, we won't use your private details for anything bad, but if we can find a way of screwing some commercial gain by using them to promote some aspect our, or our partners (Read:anyone who will pay us) businesses to you, we will! And by having said this here, hidden on another page linked from every page, in totally oblique, long-winded, legal terminology and frustratingly tiny print, we've effectively covered our arses should you ever discover what we are doing.


Well It's better than the Abottoire, but Yorkshire!

In reply to Re: Re: Secure Session Management by BrowserUk
in thread Secure Session Management by glickjd

Use:  <p> text here (a paragraph) </p>
and:  <code> code here </code>
to format your post; it's "PerlMonks-approved HTML":

  • Posts are HTML formatted. Put <p> </p> tags around your paragraphs. Put <code> </code> tags around your code and data!
  • Titles consisting of a single word are discouraged, and in most cases are disallowed outright.
  • Read Where should I post X? if you're not absolutely sure you're posting in the right place.
  • Please read these before you post! —
  • Posts may use any of the Perl Monks Approved HTML tags:
    a, abbr, b, big, blockquote, br, caption, center, col, colgroup, dd, del, div, dl, dt, em, font, h1, h2, h3, h4, h5, h6, hr, i, ins, li, ol, p, pre, readmore, small, span, spoiler, strike, strong, sub, sup, table, tbody, td, tfoot, th, thead, tr, tt, u, ul, wbr
  • You may need to use entities for some characters, as follows. (Exception: Within code tags, you can put the characters literally.)
            For:     Use:
    & &amp;
    < &lt;
    > &gt;
    [ &#91;
    ] &#93;
  • Link using PerlMonks shortcuts! What shortcuts can I use for linking?
  • See Writeup Formatting Tips and other pages linked from there for more info.
  • Log In?

    What's my password?
    Create A New User
    and the web crawler heard nothing...

    How do I use this? | Other CB clients
    Other Users?
    Others about the Monastery: (9)
    As of 2021-04-12 19:49 GMT
    Find Nodes?
      Voting Booth?

      No recent polls found