Main Page

(First draft... feedback is apreciated.)

This is the main page for Session Management exposed to the browser Community Group of the W3C.

Introduction

This activity is started due to some guy some day questioned himself about why do not all sites show a logout action visible to the user. Some sites hides de logout action or place it in some non obvious menu entry. Some sites don't have any interest in you logging out of their sites. Some other sites want to remember your "name" and your "preferences" in order to track yourself.

The first output was the development of a Firefox plugin to show up the "logout action" as an image visible to the user. The problem is: each website need to be logged out in a different manner. In some of them it is as easy as going to "http[s]://thewebsite/logout". In other ones it is as difficult as executing a javascript, wait for a menu to be shown and then emulating a click on a concrete menu entry (the hidden logout menu entry). The firefox plugin was called "Popup Logout" and its main page is at http://popuplogout.iniqua.com/

The aim

The aim of the activities of this community is to collect what are the different ways to expose the session management functionalities to the browser in a standard way. This will allow a browser to (for example) handle the session, logout the user, show a visible button to logout for each page or tab in the browser, logout the user on browser exit, etc.

Activities

* Features we want.
* Levels where it could be implemented. Pros/cons. Security concerns.

Interesting notes

* Logout should be done by a POST request because it changes the state of the server. Read more in here and there.

To be countinued... (feedback please)