[In order for any reply to be added to the PR database, ] [you need to include <[EMAIL PROTECTED]> in the Cc line ] [and leave the subject line UNCHANGED. This is not done] [automatically because of the potential for mail loops. ] [If you do not include this Cc, your reply may be ig- ] [nored unless you are responding to an explicit request ] [from a developer. ] [Reply only with text; DO NOT SEND ATTACHMENTS! ]
Synopsis: Location Redirects can confuse authentication State-Changed-From-To: open-closed State-Changed-By: marc State-Changed-When: Mon Mar 8 15:13:13 PST 1999 State-Changed-Why: It is the browser that is mis-guessing about when to send the cached auth info, not the server. The server has no way to know what realm the client thinks its authentication info is for and not knowing doesn't compromise security. It simply means that if the client sends the right authentication info, then it may or may not have had it cached from a different realm.
