Hi Henrik:
>
> There is no such thing as a "login session" in HTTP, and if it was it
> would certainly not span multiple web sites..
>
> The only reason why you do not see a login box in each and every request
> is because your web browser is smart and assumes that if login was
> required for one request to the web site (or proxy in case of proxy
> authentication) then it will also be required for the next request to
> the same web site (or proxy in case of proxy authentication) and assumes
> the same login+password should be used again there as well.
>
>
> A typical chain of events for a web site requiring authentication:
>
> < GET /
>
>>401 Unauthorized
>>
>
> < GET /, Authorize=login:password
>
>>200 OK
>>
>
> < GET /images/something.gif, Authorize=login:password
>
>>200 OK
>>
>
>
> And from this I think it is obvious that the browser has to ask again
> before sending the same login:password to another web site..
>
>
I see... but I think I wasn't clear. I gonna make some experiments
around here and give you a feedback.
regards.
-- []'s Lucas Brasilino brasilino@recife.pe.gov.br http://www.recife.pe.gov.br Emprel - Empresa Municipal de Informatica (pt_BR) Municipal Computing Enterprise (en_US) Recife - Pernambuco - Brasil Fone: +55-81-34167078Received on Fri Feb 28 2003 - 10:08:12 MST
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:13:45 MST