Hi, Roland, Regarding this:
10.4.2 401 Unauthorized The request requires user authentication. The response MUST include a WWW-Authenticate header field (section 14.47) containing a challenge applicable to the requested resource.
What if my server sent: ------------------------------------------ HTTP/1.1 401 Unauthorized WWW-Authenticate: USE-THE-HTML-FORM-IN-THE-CONTENT-OF-THIS-RESPONSE Content-Length: 180 <html><body><form action='login.jsp' method='post'> User: <input type='text' name='user'/> Password: <input type='password' name='pw'/> <input type='submit'/> </form></body></html> ------------------------------------------ I think the browsers all support this, but I need to test more! To me what I'm doing there seems completely legit with the RFC, because nowhere does the RFC state what the valid challenges are, aside from referring to (this.RFC++) (AKA: 2617) and its BASIC and DIGEST. -- yours, Julius Davies 416-652-0183 http://juliusdavies.ca/ --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
