[OpenID] Persistent logins

Johannes Ernst jernst+openid.net at netmesh.us
Wed Mar 14 00:02:41 UTC 2007

Note that all redirects or off-site hyperlinks for that matter have  
that problem, OpenID or not. There was some discussion previously on  
a list (perhaps this one) that a relying party might want to perform  
a "ping" to the OP endpoints prior to issuing a redirect. If I recall  
it correctly, the recommendation was to do an HTTP HEAD on the  
service endpoint and see whether it comes back.

On Mar 13, 2007, at 13:50, Max Metral wrote:

> I agree this works, but I'm not sure all sites will sign up to  
> denying a
> user entry because a (massively decentralized) IDP went down.  As  
> of now
> I'm one of those not willing to sign up for it, but I haven't  
> decided if
> I'm being unreasonable or not. :)
> -----Original Message-----
> From: general-bounces at openid.net [mailto:general- 
> bounces at openid.net] On
> Behalf Of Johannes Ernst
> Sent: Tuesday, March 13, 2007 4:47 PM
> To: Carl Howells
> Cc: general at openid.net
> Subject: Re: [OpenID] Persistent logins
> On Mar 13, 2007, at 11:01, Carl Howells wrote:
>> You should take a look at how http://jyte.com/ manages user
>> authentication.
>> When a user authenticates, jyte sets two cookies: a session cookie
>> that contains an is-logged-in credential, and a long-term cookie that
>> contains the identifier the user authenticated with.
> Hey, that sounds just like the LID one! ;-)
> Not surprisingly, I agree that this is a good approach.
> Johannes Ernst
> NetMesh Inc.
> _______________________________________________
> general mailing list
> general at openid.net
> http://openid.net/mailman/listinfo/general

More information about the general mailing list