tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Christopher Schultz <ch...@christopherschultz.net>
Subject Re: Question about BASIC Authentication
Date Sun, 04 Jul 2010 02:26:02 GMT
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Pid,

On 7/1/2010 3:31 AM, Pid wrote:
> On 01/07/2010 02:30, Christopher Schultz wrote:
>> Matthew,
>>
>> On 6/30/2010 8:20 PM, Matthew Mauriello wrote:
>>> The behavior seems rather strange to me in fact, I've seen other websites
>>> run on what looks to be BASIC Authentication without popping these browser
>>> messages when leaving secured sections.
>>
>> Most websites use HTTP AUTH consistently, at least for a particular URL
>> prefix.
>>
>>> See the http://user:password@website.com/SOLR is only used once and it
>>> might actually be http://user:password@website.com/SOLR/ I have to look
>>> into this.
>>
>>> I feel like the authentication cookie is being created for the user and
>>> then being forwarded to every page the user visits after that.
> 
> BASIC auth doesn't create an authentication cookie does it?  The browser
> sends an 'Authorization' header instead.

Yep, no cookie.

- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAkwv8ToACgkQ9CaO5/Lv0PARzgCfbS+vLZEPbBuZpLs1ebiiLWTq
K1cAoLo8yixRBwEO2urSaRaT214bNa0Y
=P9fN
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message