if http is stateless, how does apache know not to authenticate again

if http is stateless, how does apache know not to authenticate again

Post by Anonymo » Tue, 03 Jul 2001 02:37:19



I was wondering: if http is stateless, how does apache know not to
authenticate again?
 
 
 

if http is stateless, how does apache know not to authenticate again

Post by Christoph Voge » Tue, 03 Jul 2001 02:46:32


^^^^^^^^^^^ !

Quote:> I was wondering: if http is stateless, how does apache know not to
> authenticate again?

Apache doesn't, your browser does.

Regards,

Christoph.

 
 
 

if http is stateless, how does apache know not to authenticate again

Post by Joshua Sliv » Tue, 03 Jul 2001 02:48:07



> I was wondering: if http is stateless, how does apache know not to
> authenticate again?

(Assumption: you are talking about http basic auth.)

It doesn't.  Apache insists on receiving the password with every
request.  However, you browser is smart enough to know that once it
authenticates once, it should continue to send the password without
prompting for resources in the same "realm" (Apache: AuthName).

--
Joshua Slive

http://slive.ca/

 
 
 

if http is stateless, how does apache know not to authenticate again

Post by Randal L. Schwar » Wed, 04 Jul 2001 00:34:52


Joshua> It doesn't.  Apache insists on receiving the password with every
Joshua> request.  However, you browser is smart enough to know that once it
Joshua> authenticates once, it should continue to send the password without
Joshua> prompting for resources in the same "realm" (Apache: AuthName).

Beware though.  Recent versions of IE *preemptively* send cached
basicauth to *any* URL from the same server, without regard for a
realm name, because they don't wait to be told it's protected.  Watch
your logs and you'll see very few 401 hits, when in fact you should be
getting one 401 then one 200 for every protected page.

Bad IE.  *bad* IE.  (As if I had to point that out.)

--
Randal L. Schwartz - Stonehenge Consulting Services, Inc. - +1 503 777 0095

Perl/Unix/security consulting, Technical writing, Comedy, etc. etc.
See PerlTraining.Stonehenge.com for onsite and open-enrollment Perl training!

 
 
 

1. Again: How do I know I am running a term on X?

Hi,

Thank you for all the replies. Still, I can't find out a good solution
to solve my problem. Maybe I should describe the problem more clearly...

Actually, I'm setting the precmd alias in my shell such that whenever
I'm using xterm, the title bar can display the current directory. Even I
rlogin to other machines, since I'm still using xterm, the title bar
should still display the new current dir in the remote machine. But the
problem is, if I'm just sitting in front of a PC or what so ever and
using telnet to connect to a machine, the precmd alias setting will
print the currect dir at the prompt since there is no title bar for it
to display...

I've tried by checking $DISPLAY and $TERM, or use xdpyinfo, but none of
them work at all. So, any other methods suggested?

Cheers,

Francis.

2. : shared memory usage

3. Apache problem: Can see http://localhost/ but not http://ipaddress/

4. $TERM problems

5. With apache, virtual host http://domain.com/test/ not equal to http://domein/test

6. Drive I/o Error Kernel Panic

7. HTTP a stateless protocol??

8. workshop debugger bug

9. apache http proxy - http/1.0 vs http/1.1

10. I am a Linux Know Nothing, would like to know

11. Help how do I know what version of apaches I am running

12. How do I know I am not logging into a Trojan horse?

13. things I did not know, that I did not know ;-)