I’m using basic HTTP authentication in my application. I’ve configured it up, and watching the debug logs, I can see the initial HTTP request, a 401 coming back and HTTP Client then supplying the Authorization header. The server then sends back a session cookie, and HTTP Client stores this away. So far, so good.
My problem, is that for every subsequent HTTP request, HTTP Client is re-sending the Authorization header. The far end treats this as a fresh authentication request and issues a fresh session cookie. After a while, the far end starts to complain about too many sessions. Is there a way to tell HTTP Client to only sent the Authorization header in response to a 401 from the server, instead of with every request? Or do I have to manually add & remove the Authorization header myself? Thanks, GTG -- Gordon Ross --------------------------------------------------------------------- To unsubscribe, e-mail: httpclient-users-unsubscr...@hc.apache.org For additional commands, e-mail: httpclient-users-h...@hc.apache.org
