hc-httpclient-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Gordon Ross <gr...@uis.cam.ac.uk>
Subject Controlling HTTP Basic authentication
Date Wed, 07 Dec 2016 14:54:51 GMT
I’m using basic HTTP authentication in my application. I’ve configured it up, and watching
the debug logs, I can see the initial HTTP request, a 401 coming back and HTTP Client then
supplying the Authorization header. The server then sends back a session cookie, and HTTP
Client stores this away. So far, so good.

My problem, is that for every subsequent HTTP request, HTTP Client is re-sending the Authorization
header. The far end treats this as a fresh authentication request and issues a fresh session
cookie. After a while, the far end starts to complain about too many sessions.

Is there a way to tell HTTP Client to only sent the Authorization header in response to a
401 from the server, instead of with every request? Or do I have to manually add & remove
the Authorization header myself?


Gordon Ross
To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
For additional commands, e-mail: httpclient-users-help@hc.apache.org

View raw message