(Message HTTP-TOEDIT:569) Return-Path: masinter@parc.xerox.com Received: by zorch.w3.org; id AA18193; Sun, 2 Mar 1997 13:34:02 -0500 Received: from alpha.xerox.com (alpha.Xerox.COM [13.1.64.93]) by www10.w3.org (8.7.5/8.7.3) with SMTP id NAA13802 for ; Sun, 2 Mar 1997 13:33:57 -0500 (EST) Received: from palimpsest.parc.xerox.com ([13.1.101.126]) by alpha.xerox.com with SMTP id <16196(3)>; Sun, 2 Mar 1997 10:34:00 PST Received: from palimpsest ([127.0.0.1]) by palimpsest.parc.xerox.com with SMTP id <242>; Sun, 2 Mar 1997 10:33:53 PDT Sender: masinter@parc.xerox.com Message-Id: <3319C811.BDC@parc.xerox.com> Date: Sun, 2 Mar 1997 09:33:53 PST From: Larry Masinter Organization: Xerox PARC X-Mailer: Mozilla 3.01Gold (X11; I; SunOS 5.5.1 sun4u) Mime-Version: 1.0 To: jg@w3.org Subject: [Fwd: Re: adduser web page] Content-Type: multipart/mixed; boundary="------------486D56F46C25" This is a multi-part message in MIME format. --------------486D56F46C25 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Although not raised on HTTP-WG, I thought this might belong in the "issues" list. -- http://www.parc.xerox.com/masinter --------------486D56F46C25 Content-Type: message/rfc822 Content-Transfer-Encoding: 7bit Content-Disposition: inline Received: from alpha.xerox.com ([13.1.64.93]) by casablanca.parc.xerox.com with SMTP id <71888>; Thu, 6 Feb 1997 09:27:38 PST Received: from www19.w3.org ([18.29.0.19]) by alpha.xerox.com with SMTP id <17060(3)>; Thu, 6 Feb 1997 09:27:35 PST Received: by www19.w3.org (8.6.12/8.6.12) id MAA29446; Thu, 6 Feb 1997 12:21:05 -0500 Resent-Date: Thu, 6 Feb 1997 09:21:05 PST Resent-Message-Id: <199702061721.MAA29446@www19.w3.org> From: koen@win.tue.nl (Koen Holtman) Message-Id: <199702061716.SAA23445@wsooti08.win.tue.nl> Resent-To: Resent-To: Resent-To: Subject: Re: adduser web page To: kdyer@draper.com Date: Thu, 6 Feb 1997 09:16:16 PST Cc: www-security@ns2.rutgers.edu, www-talk@w3.org In-Reply-To: <970204142706.ZM3395@aries1.draper.com> from "Kevin J. Dyer" at Feb 4, 97 02:27:06 pm X-Mailer: ELM [version 2.4 PL23] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 8bit X-List-URL: http://www.w3.org/pub/WWW/Archives/Public/www-talk/ Resent-From: www-talk@w3.org X-Mailing-List: archive/latest/3222 X-Loop: www-talk@w3.org Sender: www-talk-request@w3.org Resent-Sender: www-talk-request@w3.org Precedence: list Kevin J. Dyer: [...] >This thread about allowing users to change their passwords via CGI/ Applets >can go on forever. I would like to hear from the community about the >possiblity >of expanding the 4xx codes in HTTP/1.1 to include the following: > > 416 Re-Validation requested > > The username was accepted but the password was challenged again or > the sysadmin expired the password, etc. > > The user agent would display a pop-up requesting two fields. Do you have in mind that this code should clear the password cache of the user agent, effectively ending the auhenticated session so that the user can walk away from the (public) web browser? A code for that would be useful. If you just want to make the password requestor pop up, sending a 401 will do that on most user agents. But if the user presses cancel on the pop-up, most user agents will keep on sending the old password. Koen. --------------486D56F46C25--