struts-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Laurie Harper <>
Subject Re: HTTP BASIC authentication
Date Sun, 05 Feb 2006 02:12:59 GMT
Prashanth.S wrote:
> Hello All,
>   I have got a simple question on BASIC authentication on webresources using Tomcat.
>   I had set up this BASIC authentication on tomcat and tomcat[because of my misconfiguration????]
 seems to authenticate user every time they accesses resource though the client is sending
back the jsessionID cookie for session tracking...
>   2 request-response formats are as follows..Ideally i dont expect it to throw me an
unauthorized error for the 2nd request..Can anyone point out what am i doing wrong??

You're not sending the Authorization header in the second request. 
Remember, HTTP is stateless. Sessions are a web-app thing and have 
nothing to do with HTTP authentication. Sending a session cookie has no 
effect on HTTP authentication.


To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message