www-apache-bugdb mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From m...@apache.org
Subject Re: general/4023: Location Redirects can confuse authentication
Date Mon, 08 Mar 1999 23:13:14 GMT
[In order for any reply to be added to the PR database, ]
[you need to include <apbugs@Apache.Org> in the Cc line ]
[and leave the subject line UNCHANGED.  This is not done]
[automatically because of the potential for mail loops. ]
[If you do not include this Cc, your reply may be ig-   ]
[nored unless you are responding to an explicit request ]
[from a developer.                                      ]
[Reply only with text; DO NOT SEND ATTACHMENTS!         ]


Synopsis: Location Redirects can confuse authentication

State-Changed-From-To: open-closed
State-Changed-By: marc
State-Changed-When: Mon Mar  8 15:13:13 PST 1999
State-Changed-Why:
It is the browser that is mis-guessing about when to send
the cached auth info, not the server.  The server has no
way to know what realm the client thinks its authentication
info is for and not knowing doesn't compromise security.
It simply means that if the client sends the right authentication
info, then it may or may not have had it cached from a different
realm.


Mime
View raw message