Minutes From Meeting Today
Dick Hardt
dick at sxip.com
Sat Jun 24 16:04:59 UTC 2006
On 24-Jun-06, at 8:46 AM, David Strauss wrote:
> There would be no issue with cookie reloading or cross-browser
> compatibility because the invalidation would be in the OpenID consumer
> database, not in the session-tracking cookie.
I assumed that the app would already have a active session mechanism
and that OpenID is used to map to an account to it. I would think it
would be a challenge to ask people to rewrite their session management.
The other point is that people already know how to log off (people
only do it on critical sites) -- and if they want to log off of
everything, they are likely done with their web session and can just
quit the browser which will get rid of any session cookies.
Just my opinion and experience.
-- Dick
More information about the yadis
mailing list