Hello Laurie,
Thanks for your response..
Iam purposefully not sending authentication header for second request as i
want to maintain "authenticated session" with the server till the client closes
the connection..
>>Sending a session cookie has no effect on HTTP authentication.
Than hows all webapps work??I thought that authentication happens only once
during login page and all subsequent accesses to the protected resource will be
granted by the server based on the Cookie sent from client??
Many Thanks
Laurie Harper <[EMAIL PROTECTED]> wrote:
Prashanth.S wrote:
> Hello All,
> I have got a simple question on BASIC authentication on webresources using
> Tomcat.
>
> I had set up this BASIC authentication on tomcat and tomcat[because of my
> misconfiguration????] seems to authenticate user every time they accesses
> resource though the client is sending back the jsessionID cookie for session
> tracking...
>
> 2 request-response formats are as follows..Ideally i dont expect it to throw
> me an unauthorized error for the 2nd request..Can anyone point out what am i
> doing wrong??
You're not sending the Authorization header in the second request.
Remember, HTTP is stateless. Sessions are a web-app thing and have
nothing to do with HTTP authentication. Sending a session cookie has no
effect on HTTP authentication.
L.
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------
Do you Yahoo!?
New and Improved Yahoo! Mail - 1GB free storage!
