Peter Mogensen <[email protected]> writes: > On 2012-09-08 08:23, Russ Allbery wrote:
>> Sure, but you are. When you do a GET to a WebAuth-protected site with >> an expired token, you get a redirect to WebLogin followed by a redirect >> back to the original site, which re-establishes your cookies and then >> gives you the resource you asked for. As long as your AJAX follows >> those redirects, and for a GET there's no reason why it wouldn't, > But following those redirects make you loose JavaScript state - which > doesn't make web developers happy. Oh, right, because it puts stuff in anchors that would be stripped by a redirect. Right, right. > Problems such as this really makes me think HTTP authentication > standardization have failed. Yes, indeed. All of this stuff is effectively just workarounds for the lack of real HTTP authentication. It's pretty frustrating, isn't it? -- Russ Allbery <[email protected]> Technical Lead, ITS Infrastructure Delivery Group, Stanford University
