I think server should read all the request from the client (including 
request data) before responding, even in case of 401 response.
Apache does the same.

 From client side, Internet Explorer also retransmits the whole POST 
data with every request.

Fastream Technologies wrote:
> Hello,
> I have a question that I am unsure about POST/require authentication. When a 
> request arrives at a HTTP server, unless it already contains valid auth 
> data, a 401 response is returned. This is very easy with GET and HEAD as the 
> request contains data no more than the header. However with POST, the actual 
> form data which can be more than MBs is uploaded immediately by the client 
> without waiting for a response (unlike FTP). So my problem is:
> - consider a POST request with no auth data and of 1MB size
> - folder is password protected by digest auth
> - at TriggerPOSTdocument, the server decides 401
> - however even after the 401 is sent, data keeps coming from the client
> - the next keep-alive request is bad (garbage!!!)
> Any idea?
> Best Regards,
> SubZero 
To unsubscribe or change your settings for TWSocket mailing list
please goto http://www.elists.org/mailman/listinfo/twsocket
Visit our website at http://www.overbyte.be

Reply via email to