Mark Shaw wrote: > > In subsequent requests I pass back the sessionID (in a cookie > labeled "jsessionid"...) instead of the BASIC authentication >
You need to include the authentication information with every request for a protected resource, or you're going to get another challenge. rfc2617 says: 2 Basic Authentication Scheme ... A client SHOULD assume that all paths at or deeper than the depth of the last symbolic element in the path field of the Request-URI also are within the protection space specified by the Basic realm value of the current challenge. A client MAY preemptively send the corresponding Authorization header with requests for resources in that space without receipt of another challenge from the server. -- Christopher St. John [EMAIL PROTECTED] DistribuTopia http://www.distributopia.com -- To unsubscribe: <mailto:[EMAIL PROTECTED]> For additional commands: <mailto:[EMAIL PROTECTED]> Troubles with the list: <mailto:[EMAIL PROTECTED]>
