On Mar 30, 2007, at 02:46, Jean-Paul Passama wrote: > When I send a GET command with login/password, I see that the command > is > sended first without login/password then (less than 1 second after) > with > the Authorization field correctly filled. > > Do you have an idea about this ?
This is how secure http access works: 1. The client makes a request to the browser not knowing that the resource is secured. 2. The server responds with an error code announcing that access is denied (because there were no valid credentials). 3. The client then submits a second request with the appropriate credentials. 4. The server allows access if the new request passes authentication. Browsers normally make this transparent by prompting the user for the credentials the first time, and automatically sending them on every subsequent request. The reason is that since the HTTP protocol is state-less, there is no way for the server to request authentication credentials on the first request once it has been sent, it can only respond with an error. dZ. -- DZ-Jay [TeamICS] http://www.overbyte.be/eng/overbyte/teamics.html -- To unsubscribe or change your settings for TWSocket mailing list please goto http://www.elists.org/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be