No. This is not true. If browser gets 401 in response to request with
user authentication then it pops up the dialog box. And only if user
clicks "Cancel" then it displays the Authentication failed document.
Only if you send 403 then browser will not prompt user for new user
name and password.
At least it works this way with IE and Netscape.
Andrei
On Tue, Nov 02, 1999 at 02:29:10PM -0500, Greg Stark wrote:
>
> I think if you send a 401 in response to a request that contained auth data
> the user will typically see a "Authentication failed" box, which may look bad
> compared to just getting the password dialog.
>
> Actually I couldn't get this to work a while back, but I didn't try very hard.
>
>
> "Andrei A. Voropaev" <[EMAIL PROTECTED]> writes:
>
> > On Mon, Nov 01, 1999 at 05:03:58PM -0500, Robin Berjon wrote:
> > > I've never tried this but doesn't sending two 401s in a row for the same
> > > document have the auth popup appear again ?
> >
> > I feel like this topic gets slightly confusing. Browser sends request,
> > gets 401 back, asks user for username and password if it doesn't have
> > one cached already. If it has one cached for this particular realm
> > then it attempts to send the cached values. If in response it gets 401
> > again then it asks user for new username and password for this realm.
> > As far as I know it always takes 2 requests to get protected
> > document. First one returns with 401 code and realm for authentication,
> > second request is done with appropriate user name and password.
> >
> > So if for some reason you decide that some user name and password is
> > not valid any more then you should make sure that if they are sent any
> > number of times later then your authentication handler says no
> > always.
> >
> > Andrei
> >
> > --
> >
>
> --
> greg
--
