* Boyle Owen <[EMAIL PROTECTED]> [0507 09:07]:
>
> The first time the client requests a resource in a protected realm, it
> doesn't know it is protected so makes a plain request. The server responds
> with a 401 Unauthorized. The client then pops up a password window and
> captures the username/password (aka, the credentials). The client repeats the
> request but this time adds an Authorization header containing the
> credentials. The server gets the request and verifies the credentials, if OK,
> it serves the resource. The client caches the credentials and for all
> subsequent requests in the same realm, it adds the same Authorization header
> - that's how you stay "logged in".
>
> That's also how it is really hard to get the browser to "forget" your
> password - even if you surf off to a different site and come back a day
> later, it'll remember your credentials and send them off again.

Best. Firefox extension. Ever.

http://extensionroom.mozdev.org/more-info/clearhttpauth

--
'What have you done to the cat? It looks half-dead.'
                -- Schroedinger's wife
Rasputin :: Jack of All Trades - Master of Nuns

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
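
The exchange described in the quoted message, as an added example that is not part of the original thread: a plain request gets a 401 challenge, and the repeat with an Authorization header is served. The realm, username and password are constructed sample values; the header carries them only base64-encoded, and the client resends the same value on every request in the realm.

```python
import base64
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

# Constructed sample values, not taken from the thread.
REALM, USER, PASSWORD = "demo", "alice", "s3cret"

def basic_header(user, password):
    """Build the Authorization header value a browser caches for a realm."""
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    return "Basic " + token

class Handler(BaseHTTPRequestHandler):
    def do_GET(self):
        if self.headers.get("Authorization") == basic_header(USER, PASSWORD):
            body = b"protected resource\n"
            self.send_response(200)
            self.send_header("Content-Length", str(len(body)))
            self.end_headers()
            self.wfile.write(body)
        else:
            # Challenge: tells the client which realm needs credentials.
            self.send_response(401)
            self.send_header("WWW-Authenticate", f'Basic realm="{REALM}"')
            self.send_header("Content-Length", "0")
            self.end_headers()

    def log_message(self, *args):  # keep the demo quiet
        pass

def run_exchange():
    """Return [(status, challenge)] for the plain request, then the retry."""
    server = HTTPServer(("127.0.0.1", 0), Handler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    results = []
    try:
        for headers in ({}, {"Authorization": basic_header(USER, PASSWORD)}):
            conn = http.client.HTTPConnection("127.0.0.1", server.server_port)
            conn.request("GET", "/", headers=headers)
            resp = conn.getresponse()
            resp.read()
            results.append((resp.status, resp.getheader("WWW-Authenticate")))
            conn.close()
    finally:
        server.shutdown()
        server.server_close()
    return results

if __name__ == "__main__":
    print(run_exchange(), basic_header(USER, PASSWORD))
```

Decoding the header value with any base64 tool recovers `alice:s3cret`, which is why the header needs TLS underneath it.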