W3C home > Mailing lists > Public > ietf-http-wg-old@w3.org > January to April 1998

Re: Minutes of 1/21 editorial teleconference...

From: Scott Lawrence <lawrence@agranat.com>
Date: Thu, 22 Jan 1998 09:00:34 -0500
Message-Id: <199801221400.JAA27856@devnix.agranat.com>
To: Ben Laurie <ben@algroup.co.uk>
Cc: http-wg@cuckoo.hpl.hp.com

>>>>> "BL" == Ben Laurie <ben@algroup.co.uk> writes:

BL> I've just glanced through this, perhaps I've missed something. If nonces
BL> are going to be time-limited, we need a response that means "your nonce
BL> has expired" so the user is not prompted for a password again.

  It's in there... the server sends a 401 response, with the
  WWW-Authenticate header to provide nonce and 'stale=true' to
  indicate that it was the expired nonce that was the problem rather
  than the credentials.

--
Scott Lawrence           EmWeb Embedded Server       <lawrence@agranat.com>
Agranat Systems, Inc.        Engineering            http://www.agranat.com/
Received on Thursday, 22 January 1998 06:17:49 EST

This archive was generated by hypermail pre-2.1.9 : Wednesday, 24 September 2003 06:33:11 EDT