tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Pid <...@pidster.com>
Subject Re: Question about BASIC Authentication
Date Thu, 01 Jul 2010 07:31:06 GMT
On 01/07/2010 02:30, Christopher Schultz wrote:
> Matthew,
> 
> On 6/30/2010 8:20 PM, Matthew Mauriello wrote:
>> The behavior seems rather strange to me in fact, I've seen other websites
>> run on what looks to be BASIC Authentication without popping these browser
>> messages when leaving secured sections.
> 
> Most websites use HTTP AUTH consistently, at least for a particular URL
> prefix.
> 
>> See the http://user:password@website.com/SOLR is only used once and it
>> might actually be http://user:password@website.com/SOLR/ I have to look
>> into this.
> 
>> I feel like the authentication cookie is being created for the user and
>> then being forwarded to every page the user visits after that.

BASIC auth doesn't create an authentication cookie does it?  The browser
sends an 'Authorization' header instead.


p

>> I am hoping to find some way of preventing this behavior.
> 
> Well, for starters, what web browser are you using? Can you give me a
> sample URL that I can use to play with a test version of your webapp?
> 
> -chris

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org




Mime
View raw message