Hi all, I observed a strange behavior with the authorization header.
I provide a sling:authRequestLogin parameter on some protected resource, e.g. /a/b.html?sling:authRequestLogin If I provide a link to, let's say, /a/b/c.html, than this works nicely, i.e. the HTTP authorization header is present on that resource. However calling, let's say, /a/c.html, the authorization header disappears. And worse, if i link from there back to /a/b/c.html, the credentials (that is, the Auth header) remains lost. This does not make sense to me, as the security realm is "Sling (Development)": WWW-Authenticate Basic realm="Sling (Development)" So, imho, an authorization header should be applicable for any repository node/resource. But it looks like it's applicable only to the node where the authentication took place and its children. Can somebody shed light? Thanks, Juerg