Task B: Login and Logout
The actions for logging in and logging out are based on the state of the session. If a user identity is not present in the session, then we should present the user with a login form. Conversely, when there is an identity present, we should present an option for the user to log out.
To log in, the user submits her username and password using a form on the page. These are checked against the stored credentials. If they match, we put her identity in the session.
When the user logs in, we send the credentials using basic HTTP authentication. The specification states that the username and the password are joined using the : separator. The string is then encoded using base 64, and the authorization method Basic is ...