On 3/10/06, Mark Nottingham <mnot@yahoo-inc.com> wrote: > > RFC 2616 section 14.8 says: > > > If a request is > > authenticated and a realm specified, the same credentials SHOULD > > be valid for all other requests within this realm > > a) Is the intent of the first SHOULD to allow credential caching > (e.g., similar to [1]) in intermediaries? My guess would be no. I think it means that the same username/password combination should be valid throughout the the realm. For example, Digest clients can send cnonce and nonce-count values, so the actual data sent changes with each request. -- Robert SayreReceived on Saturday, 11 March 2006 18:18:18 GMT
This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 2 June 2009 18:22:14 GMT