Ian Hickson wrote:
> ...
>> I didn't yet have time to look into this in detail, but it currently
>> seems to require the UA to still parse the HTML page. Wouldn't it be
>> better if the *headers* of the response (such as WWW-Authenticate, Link,
>> ...) would contain sufficient information to perform the login without
>> having to do that; such as a URI to POST to, plus the parameter names
>> for user name and password?
>
> The problem is that you'd basically have to duplicate the entire form,
> since login forms can be arbitrarily complex. If the bot has the username
> and password, why not also give it the username field name, password field
> name, and login script url? Just consider them part of the credentials.

That works in theory, but doesn't scale.
For instance, we've been working on a search engine that scans internet
sites that may require authentication. Configuring that login for each
site would be a maintenance nightmare.

So, on the other hand, if the login form is more complex than username +
password, what is a bot supposed to do with it?

BR, Julian