cosign-discuss at umich.edu
general discussion of cosign development and deployment
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Cosign Re-Authentication Specification
On 28 Mar 2005, at 14:25, Cory Snavely wrote:
Wesley Craig wrote:
On 25 Mar 2005, at 15:59, Cory Snavely wrote:
[...]Good idea. Let's add a button/text. If the user selects this
path, they will logout the previous user, and be redirected back
to the URL. Since the URL required (unsatisfied) reauthN, there
should be no cached cookies, the "CHECK" will fail, a new service
cookie will be set, and a login will be triggered.
I think there should be a "this isn't me--log on as a different
person" button. Not quite sure how to word that, but I think it's
needed to help the innocent victim.
Either that, or just go straight to weblogin.
After some analysis, I think just going straight to weblogin ought to