by jessaustin 3315 days ago
Is this still true, for any browser that is still used? It seems a couple of decades would be long enough to get this right...
1 comments

Still true when I tested last year. The core protocol does not have a defined way to get the browser to forget the login.

You have to resort to different fudges on different browsers.

Net/Net: the HTTP auth UI sucks, has bad usability, weak crypto, and is not robust with logout.

HTML/form based auth can be made robust and is a preferable alternative in every case.
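
An added example, not part of the thread above: a Python sketch contrasting stateless Basic validation, where the server holds nothing it could revoke while the browser keeps resending the header, with a form login whose server-side session is deleted on logout. The account, the function names and the in-memory session store are assumptions made for illustration.

```python
import base64
import hmac
import secrets

USERS = {"alice": "correct horse"}  # constructed sample account
SESSIONS = {}                       # session id -> user, held server-side


def _password_ok(user, password):
    expected = USERS.get(user)
    return expected is not None and hmac.compare_digest(
        expected.encode(), password.encode())


def basic_header(user, password):
    """Authorization value the browser caches and resends on every request."""
    return "Basic " + base64.b64encode(f"{user}:{password}".encode()).decode()


def check_basic(header):
    """Stateless check: each request carries the credentials themselves."""
    scheme, _, blob = header.partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        user, _, password = base64.b64decode(blob).decode().partition(":")
    except ValueError:  # covers bad base64 and bad UTF-8
        return None
    return user if _password_ok(user, password) else None


def form_login(user, password):
    """Form login: hand out a random session id instead of the password."""
    if not _password_ok(user, password):
        return None
    sid = secrets.token_urlsafe(32)
    SESSIONS[sid] = user
    return sid


def check_session(sid):
    return SESSIONS.get(sid)


def form_logout(sid):
    """Server-side delete: a cookie replayed after logout is rejected."""
    SESSIONS.pop(sid, None)
```

With Basic auth the only server-side way to end access is to change the password, whereas the session id can be dropped without touching the credential.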