httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Random Junk <>
Subject Re: denying access without challenging?
Date Wed, 26 Nov 1997 23:19:49 GMT
Michael Smith writes:
> I imagine that the browser attempts to be clever and doesn't always wait for a 401
> error before it sends the password over - maybe if you have authenticated the URL
> /foo/xx and then try to access /foo/bar/xx it will send it anyway, but I'm not
> entirely sure on this one.  More investifation needed.

you are quite correct.  the browser stores a list of userid/passwords
for each realm/host combo.  the newer versions of internet exploder
let you save the list to disk (what the hell were they thinking???).

    Jon Drukman      SpotMedia Communications
This calls for a very special blend of psychology and extreme violence.

View raw message