Minutes From Meeting Today

Dick Hardt dick at sxip.com
Sat Jun 24 16:04:59 UTC 2006

On 24-Jun-06, at 8:46 AM, David Strauss wrote:

> There would be no issue with cookie reloading or cross-browser
> compatibility because the invalidation would be in the OpenID consumer
> database, not in the session-tracking cookie.

I assumed that the app would already have a active session mechanism  
and that OpenID is used to map to an account to it. I would think it  
would be a challenge to ask people to rewrite their session management.

The other point is that people already know how to log off (people  
only do it on critical sites) -- and if they want to log off of  
everything, they are likely done with their web session and can just  
quit the browser which will get rid of any session cookies.

Just my opinion and experience.

-- Dick

More information about the yadis mailing list