Hi Chris,
It depends whether you're using an explicit proxy or not.
if you send http://user:pass@site:port/path to server (no explicit proxy
defined in the borwser),
then the browser does the following
- connect to "site:port"
- send a command fo the form "GET /path HTTP/1.x" note that the "site:port"
portion is lost.
- use the user and pass in http authentication headers.
if "pass" has been sent, the browser should not need to prompt the suer for
a passwd. If so, this
is a bug.
If the browsr is configured to use a proxy, things are different, and the
browser should send all
the infos.
At 17:48 25/04/01 -0500, Chris Tobkin wrote:
>Actually, it's used/interpreted as the username to use when prompted for
>authentication. It automatically put it into the username field when
>the authentication dialog box pops up in netscape, but it does not in
>IE. IOW, a long version of this with bells and whistles would be:
>http://username:password@hostname:port/path/file.cgi?attribute1=value1&a
>ttribute2=value2 The @ separates the authentication information from
>the location piece. (FYI, in the versions tested on my laptop here, the
>browser did not send the username without the user being prompted for a
>valid username/password, so it's not being necessarily used as a
>tracking device.)
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
