- From: Julian Reschke <julian.reschke@greenbytes.de>
- Date: Sat, 04 Oct 2014 11:02:59 +0200
- To: Michael B Allen <ioplex@gmail.com>, ietf-http-wg@w3.org

On 2014-10-03 18:10, Michael B Allen wrote:
> An HTTP authentication sequence looks something like:
>
> C: GET /some/thing/6678
> S: 401 Unauthorized
>    WWW-Authenticate: MyAwsomeAuth XlwYXNzd29yZA...
>
> C: GET /some/thing/6678
>    Authorization: NTLM MyAwsomeAuth bGxXwYXbxXlYX...
> S: 200 OK
>
> The way this is implemented on the server is to create some
> authentication state and associate it with the client TCP connection
> using the client's IP and remote port as an index into a map of
> ongoing authentication state objects.
> ...

Hm, no. HTTP authentication is stateless, the server doesn't need to associate it with a live connection.

Unless you're talking about the weirdo NTLM, which never should have been approved as an HTTP authentication scheme.

Best regards, Julian

Received on Saturday, 4 October 2014 09:03:28 UTC
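
To make the two server models discussed in this message concrete, here is an added example (not code from either poster or from any real server): a stateless per-request Basic check next to a hypothetical two-leg scheme whose state is indexed by client IP and port. The `ConnectionBoundAuth` class, its HMAC proof, the user table and the addresses are all constructed for illustration.

```python
import base64, hashlib, hmac, os

USERS = {"alice": b"constructed-secret"}  # constructed sample credentials

def stateless_check(authorization):
    """Basic auth: each request carries everything needed; no server state."""
    scheme, _, blob = (authorization or "").partition(" ")
    if scheme.lower() != "basic":
        return 401
    try:
        user, _, pw = base64.b64decode(blob, validate=True).partition(b":")
    except ValueError:
        return 401
    expected = USERS.get(user.decode("utf-8", "replace"), b"")
    ok = bool(expected) and hmac.compare_digest(pw, expected)
    return 200 if ok else 401

class ConnectionBoundAuth:
    """Hypothetical two-leg scheme with state keyed by (client IP, port)."""
    def __init__(self):
        self.pending = {}  # (ip, port) -> nonce issued in the 401

    def handle(self, peer, user=None, proof=None):
        if proof is None:                      # leg 1: issue a challenge
            self.pending[peer] = os.urandom(16)
            return 401, self.pending[peer]
        nonce = self.pending.pop(peer, None)   # leg 2: needs leg-1 state
        if nonce is None or user not in USERS:
            return 401, None
        want = hmac.new(USERS[user], nonce, hashlib.sha256).digest()
        return (200 if hmac.compare_digest(proof, want) else 401), None

def demo():
    hdr = "Basic " + base64.b64encode(b"alice:constructed-secret").decode()
    # Same header on two different connections: the outcome ignores the peer.
    stateless = [stateless_check(hdr) for _peer in (50001, 50002)]
    srv = ConnectionBoundAuth()
    _, nonce = srv.handle(("192.0.2.7", 50001))
    proof = hmac.new(USERS["alice"], nonce, hashlib.sha256).digest()
    # Leg 2 arrives on a new connection (different source port): no state.
    moved = srv.handle(("192.0.2.7", 50002), "alice", proof)[0]
    _, nonce = srv.handle(("192.0.2.7", 50001))
    proof = hmac.new(USERS["alice"], nonce, hashlib.sha256).digest()
    same = srv.handle(("192.0.2.7", 50001), "alice", proof)[0]
    return stateless, moved, same
```

`demo()` returns the status codes for the stateless requests, for a second leg that arrives from a different source port, and for a second leg on the original connection.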