- From: Robert Sayre <sayrer@gmail.com>
- Date: Sat, 11 Mar 2006 12:12:13 -0500
- To: "Mark Nottingham" <mnot@yahoo-inc.com>
- Cc: ietf-http-wg@w3.org
On 3/10/06, Mark Nottingham <mnot@yahoo-inc.com> wrote: > > RFC 2616 section 14.8 says: > > > If a request is > > authenticated and a realm specified, the same credentials SHOULD > > be valid for all other requests within this realm > > a) Is the intent of the first SHOULD to allow credential caching > (e.g., similar to [1]) in intermediaries? My guess would be no. I think it means that the same username/password combination should be valid throughout the the realm. For example, Digest clients can send cnonce and nonce-count values, so the actual data sent changes with each request. -- Robert Sayre
Received on Saturday, 11 March 2006 18:18:18 UTC