struts-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Prashanth.S" <>
Subject Re: HTTP BASIC authentication
Date Sun, 05 Feb 2006 11:29:17 GMT
Hello Laurie,
  Thanks for your response..
  Iam purposefully not sending authentication header for second request  as i want to maintain
"authenticated session" with the server till the client closes the connection..
  >>Sending a session cookie has no effect on HTTP authentication.
  Than hows all webapps work??I thought that authentication happens only once during login
page and all subsequent accesses to the protected resource will be granted by the server based
on the Cookie sent from client??
  Many Thanks

Laurie Harper <> wrote:
  Prashanth.S wrote:
> Hello All,
> I have got a simple question on BASIC authentication on webresources using Tomcat.
> I had set up this BASIC authentication on tomcat and tomcat[because of my misconfiguration????]
seems to authenticate user every time they accesses resource though the client is sending
back the jsessionID cookie for session tracking...
> 2 request-response formats are as follows..Ideally i dont expect it to throw me an unauthorized
error for the 2nd request..Can anyone point out what am i doing wrong??

You're not sending the Authorization header in the second request. 
Remember, HTTP is stateless. Sessions are a web-app thing and have 
nothing to do with HTTP authentication. Sending a session cookie has no 
effect on HTTP authentication.


To unsubscribe, e-mail:
For additional commands, e-mail:

Do you Yahoo!?
 New and Improved Yahoo! Mail - 1GB free storage!
  • Unnamed multipart/alternative (inline, 8-Bit, 0 bytes)
View raw message