On Mar 30, 2007, at 02:46, Jean-Paul Passama wrote:

> When I send a GET command with login/password, I see that the command 
> is
> sended first without login/password then (less than 1 second after) 
> with
> the Authorization field correctly filled.
> Do you have an idea about this ?

This is how secure http access works:
1. The client makes a request to the browser not knowing that the 
resource is secured.
2. The server responds with an error code announcing that access is 
denied (because there were no valid credentials).
3. The client then submits a second request with the appropriate 
4. The server allows access if the new request passes authentication.

Browsers normally make this transparent by prompting the user for the 
credentials the first time, and automatically sending them on every 
subsequent request.  The reason is that since the HTTP protocol is 
state-less, there is no way for the server to request authentication 
credentials on the first request once it has been sent, it can only 
respond with an error.


        DZ-Jay [TeamICS]

To unsubscribe or change your settings for TWSocket mailing list
please goto http://www.elists.org/mailman/listinfo/twsocket
Visit our website at http://www.overbyte.be

Reply via email to