Comment #5 on issue 6450 by sant9442: Cookies set during a 401 are not  
applied to the restarted transaction
http://code.google.com/p/chromium/issues/detail?id=6450

Just an FYI

This may be a related note for Chrome people to be aware of.  We discovered
that Opera goes into a suspended error state (busy) when it sees a 401
response with no www-authenticate here.

The HTTP specification says in section 10.4.2:

10.4.2 401 Unauthorized

    The request requires user authentication. The response MUST
    include a WWW-Authenticate header field (section 14.47)
    containing a challenge applicable to the requested resource.
    ............ HTTP access authentication is explained
    in "HTTP Authentication: Basic and Digest Access Authentication"
    [43].

Well, this is good and dandy for BASIC/DIGEST, but 401 is also useful for
non BASIC/DIGEST schemes.  As we know, COOKIE-BASED login methods are
commonplace.  So the browser should be aware that 401 no longer applies to
just BASIC/DIGEST.

There is a proposal out there:

    Cookie-based HTTP Authentication
    http://tools.ietf.org/html/draft-broyer-http-cookie-auth-00

It appears that this is suggesting to use a header with a "cookie" scheme:

    www-authenticate: cookie ......

I am going to explore this for our web server.  I don't see this 401/No
Header scenario as a problem with Chrome. Cookie based logins for Chrome
were never an issue with our server which will send the 401 "unauthorized"
response.

But Chrome developers should probably look into this proposal scheme for
401 "www-authenticate: cookie" scheme.
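
The section 10.4.2 requirement quoted in the comment above can be checked mechanically on a server's responses. The following is an added example, not part of the original comment or of Chromium: the function names are hypothetical, the sample responses are constructed, and the parameters after the "Cookie" scheme are placeholders rather than the draft's syntax.

```python
import re

# Constructed sample responses, not captured traffic. The "Cookie" challenge
# parameters are placeholders; the draft defines its own.
NO_CHALLENGE = (b"HTTP/1.1 401 Unauthorized\r\n"
                b"Set-Cookie: sid=constructed; Path=/\r\n"
                b"Content-Length: 0\r\n\r\n")
COOKIE_CHALLENGE = (b"HTTP/1.1 401 Unauthorized\r\n"
                    b'WWW-Authenticate: Cookie realm="example"\r\n'
                    b"Content-Length: 0\r\n\r\n")
MULTI_CHALLENGE = (b"HTTP/1.1 401 Unauthorized\r\n"
                   b'www-authenticate: Basic realm="a", Digest realm="b", nonce="n"\r\n'
                   b"\r\n")

# A scheme is a token at the start of the value or after a comma that is not
# an auth-param name (i.e. not followed by "="). Commas inside quoted strings
# are not handled.
_SCHEME = re.compile(r"(?:^|,)\s*([\w!#$%&*+.^|~-]+)(?!\s*=)(?=\s|,|$)")


def parse_head(raw: bytes):
    """Return (status_code, [(lowercased name, value), ...]) for a raw response."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    status_line, *lines = head.split("\r\n")
    status = int(status_line.split(" ", 2)[1])
    headers = []
    for line in lines:
        name, _, value = line.partition(":")
        headers.append((name.strip().lower(), value.strip()))
    return status, headers


def audit_401(raw: bytes) -> dict:
    """Check a response against the section 10.4.2 requirement quoted above."""
    status, headers = parse_head(raw)
    challenges = [v for n, v in headers if n == "www-authenticate"]
    schemes = [s.lower() for v in challenges for s in _SCHEME.findall(v)]
    return {
        "status": status,
        "schemes": schemes,
        "sets_cookie": any(n == "set-cookie" for n, _ in headers),
        "missing_challenge": status == 401 and not challenges,
    }
```

A response with `missing_challenge` set is the 401/no-header case described above; `schemes` shows whether a server has moved to a non BASIC/DIGEST challenge.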


