[OpenID] Persistent logins
Johannes Ernst
jernst+openid.net at netmesh.us
Wed Mar 14 00:02:41 UTC 2007
Note that all redirects or off-site hyperlinks for that matter have
that problem, OpenID or not. There was some discussion previously on
a list (perhaps this one) that a relying party might want to perform
a "ping" to the OP endpoints prior to issuing a redirect. If I recall
it correctly, the recommendation was to do an HTTP HEAD on the
service endpoint and see whether it comes back.
On Mar 13, 2007, at 13:50, Max Metral wrote:
> I agree this works, but I'm not sure all sites will sign up to
> denying a
> user entry because a (massively decentralized) IDP went down. As
> of now
> I'm one of those not willing to sign up for it, but I haven't
> decided if
> I'm being unreasonable or not. :)
>
> -----Original Message-----
> From: general-bounces at openid.net [mailto:general-
> bounces at openid.net] On
> Behalf Of Johannes Ernst
> Sent: Tuesday, March 13, 2007 4:47 PM
> To: Carl Howells
> Cc: general at openid.net
> Subject: Re: [OpenID] Persistent logins
>
>
> On Mar 13, 2007, at 11:01, Carl Howells wrote:
>
>> You should take a look at how http://jyte.com/ manages user
>> authentication.
>>
>> When a user authenticates, jyte sets two cookies: a session cookie
>> that contains an is-logged-in credential, and a long-term cookie that
>> contains the identifier the user authenticated with.
>
> Hey, that sounds just like the LID one! ;-)
>
> Not surprisingly, I agree that this is a good approach.
>
>
>
>
> Johannes Ernst
> NetMesh Inc.
>
>
> _______________________________________________
> general mailing list
> general at openid.net
> http://openid.net/mailman/listinfo/general
More information about the general
mailing list