So, if I understand correctly, part of the body was sent after the 401 response (that which was in the send buffer already), and the remainder was sent after the authentication header was sent?
This is weird. It means that the server accepted the (invalid) data that was sent after a non-authenticated request. This smells like a security vulnerability. Or am I misunderstanding it? -dZ. >------- Original Message ------- >From : Arno Garrels[mailto:[EMAIL PROTECTED] >Sent : 9/23/2008 2:25:24 PM >To : twsocket@elists.org >Cc : >Subject : RE: Re: [twsocket] Early web server response > >Arno Garrels wrote: > 3) IE then sends just the header with the credentials and continues > posting the rest of the data. :-) Should read "IE then sends just the header with credentials and continues posting remaining data." -- Arno -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be