I think if you send a 401 in response to a request that contained auth data
the user will typically see a "Authentication failed" box, which may look bad
compared to just getting the password dialog.
Actually I couldn't get this to work a while back, but I didn't try very hard.
"Andrei A. Voropaev" <[EMAIL PROTECTED]> writes:
> On Mon, Nov 01, 1999 at 05:03:58PM -0500, Robin Berjon wrote:
> > I've never tried this but doesn't sending two 401s in a row for the same
> > document have the auth popup appear again ?
>
> I feel like this topic gets slightly confusing. Browser sends request,
> gets 401 back, asks user for username and password if it doesn't have
> one cached already. If it has one cached for this particular realm
> then it attempts to send the cached values. If in response it gets 401
> again then it asks user for new username and password for this realm.
> As far as I know it always takes 2 requests to get protected
> document. First one returns with 401 code and realm for authentication,
> second request is done with appropriate user name and password.
>
> So if for some reason you decide that some user name and password is
> not valid any more then you should make sure that if they are sent any
> number of times later then your authentication handler says no
> always.
>
> Andrei
>
> --
>
--
greg
