Chris McDonough added the comment:
Form plugins will be deprecated for common use in the next release of r.who,
FWIW. It's much easier to tell people to return a login form as their
"unauthorized" response rather than trying to "challenge" based on a 401
response from the application and do arb
New submission from Forest :
The form plugins, which are the most obvious way to build a common web login
page, have no obvious way to show "logged out" or "login failed" messages. Even
with third party add-ons like formcookie, I end up having to perform three
post-login-attempt redirects if I w