-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Pid,
On 7/1/2010 3:31 AM, Pid wrote: > On 01/07/2010 02:30, Christopher Schultz wrote: >> Matthew, >> >> On 6/30/2010 8:20 PM, Matthew Mauriello wrote: >>> The behavior seems rather strange to me in fact, I've seen other websites >>> run on what looks to be BASIC Authentication without popping these browser >>> messages when leaving secured sections. >> >> Most websites use HTTP AUTH consistently, at least for a particular URL >> prefix. >> >>> See the http://user:passw...@website.com/SOLR is only used once and it >>> might actually be http://user:passw...@website.com/SOLR/ I have to look >>> into this. >> >>> I feel like the authentication cookie is being created for the user and >>> then being forwarded to every page the user visits after that. > > BASIC auth doesn't create an authentication cookie does it? The browser > sends an 'Authorization' header instead. Yep, no cookie. - -chris -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkwv8ToACgkQ9CaO5/Lv0PARzgCfbS+vLZEPbBuZpLs1ebiiLWTq K1cAoLo8yixRBwEO2urSaRaT214bNa0Y =P9fN -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
