Adam Taft wrote:
The user agent, of course, still prompts the user for credentials when it's appropriate to do so. The login process, as the end user perceives it, still happens. It's just all about thinking in "stateless" RESTful terms, which is it seems hard for some (many? most??) web developers.
The problem I have with HTTP authentication is that browsers don't provide a "logout" mechanism. Perhaps there's some way to clear the authentication details from Javascript?
Regards, Michael.
