On Mon, Aug 10, 2009 at 8:18 AM, Felix Meschberger<[email protected]> wrote:
> The problem with WebKit based browsers (Chrome has the same issue) is
> that the authentication used for AJAX requests is not kept in the cache
> for future use. Unlike the Gecko based browsers or even MS IE.

Right, WebKit-based browsers seem to cache credentials and send them preemptively with every following request *only* if they were actually entered by a user. Any other way of injecting the credentials, e.g. through an XHR or iframe/image/css/script using the http://user:[email protected] mechanism, will only work for that request (albeit in most cases not sent preemptively), but the credentials won't be cached. If they are entered by a user, i.e. through the "ugly" (because unstyleable and modal) browser login form, they will be cached and sent preemptively for the same subtree (Chrome I think) or whole domain (Safari IIRC). Additional "security" I guess.

As Felix noted, the cookie fallback mechanism is the only stable way to handle all browsers.

Regards,
Alex

--
Alexander Klimetschek
[email protected]
