fre 2003-02-28 klockan 15.33 skrev Lucas Brasilino: > > b) The browser will request again for the password on each new web > > site requested. > > > I didn't realise this issue since squid shouldn't send "401 Unauthorized" > to browser for each new web site, only in the first > access attempt.
There is no such thing as a "login session" in HTTP, and if it was it would certainly not span multiple web sites.. The only reason why you do not see a login box in each and every request is because your web browser is smart and assumes that if login was required for one request to the web site (or proxy in case of proxy authentication) then it will also be required for the next request to the same web site (or proxy in case of proxy authentication) and assumes the same login+password should be used again there as well. A typical chain of events for a web site requiring authentication: < GET / > 401 Unauthorized < GET /, Authorize=login:password > 200 OK < GET /images/something.gif, Authorize=login:password > 200 OK And from this I think it is obvious that the browser has to ask again before sending the same login:password to another web site.. Regards Henrik -- Henrik Nordstrom <[EMAIL PROTECTED]> MARA Systems AB, Sweden
