On Mar 30, 2007, at 02:46, Jean-Paul Passama wrote:
> When I send a GET command with login/password, I see that the command
> is
> sended first without login/password then (less than 1 second after)
> with
> the Authorization field correctly filled.
>
> Do you have an idea about this ?
This is how secure http access works:
1. The client makes a request to the browser not knowing that the
resource is secured.
2. The server responds with an error code announcing that access is
denied (because there were no valid credentials).
3. The client then submits a second request with the appropriate
credentials.
4. The server allows access if the new request passes authentication.
Browsers normally make this transparent by prompting the user for the
credentials the first time, and automatically sending them on every
subsequent request. The reason is that since the HTTP protocol is
state-less, there is no way for the server to request authentication
credentials on the first request once it has been sent, it can only
respond with an error.
dZ.
--
DZ-Jay [TeamICS]
http://www.overbyte.be/eng/overbyte/teamics.html
--
To unsubscribe or change your settings for TWSocket mailing list
please goto http://www.elists.org/mailman/listinfo/twsocket
Visit our website at http://www.overbyte.be
