Comment #5 on issue 6450 by sant9442: Cookies set during a 401 are not applied to the restarted transaction http://code.google.com/p/chromium/issues/detail?id=6450
Just an FYI This may be a related note for Chrome people to be aware of. We discovered that Opera goes into an suspended error state (busy) when it sees a 401 response with no www-authenticate here. The HTTP specification says in section 10.4.2: 10.4.2 401 Unauthorized The request requires user authentication. The response MUST include a WWW-Authenticate header field (section 14.47) containing a challenge applicable to the requested resource. ............ HTTP access authentication is explained in "HTTP Authentication: Basic and Digest Access Authentication" [43]. well, this is good and dandy for BASIC/DIGEST, but 401 is also useful for non BASIC/DIGEST schemes. As we know, COOKIE-BASED login methods is common place. So the browser should be aware that 401 no longer applies to just BASIC/DIGEST. There is a proposal out there: Cookie-based HTTP Authentication http://tools.ietf.org/html/draft-broyer-http-cookie-auth-00 It appears that this is suggesting to use a header with a "cookie" scheme: www-authenticate: cookie ...... I am going to explore this for our web server. I don't see this 401/No Header scenario is a problem with Chrome. Cookie based logins for Chrome was never an issue with our server which will send the 401 "unauthorized" response. But Chrome developers should probably look into this proposal scheme for 401 "www- authenticate: cookie" scheme -- You received this message because you are listed in the owner or CC fields of this issue, or because you starred this issue. You may adjust your issue notification preferences at: http://code.google.com/hosting/settings --~--~---------~--~----~------------~-------~--~----~ Automated mail from issue updates at http://crbug.com/ Subscription options: http://groups.google.com/group/chromium-bugs -~----------~----~----~----~------~----~------~--~---