Re: Caching authentication state

On 3/10/06, Mark Nottingham <mnot@yahoo-inc.com> wrote:
>
> RFC 2616 section 14.8 says:
>
> >       If a request is
> >       authenticated and a realm specified, the same credentials SHOULD
> >       be valid for all other requests within this realm
>
> a) Is the intent of the first SHOULD to allow credential caching
> (e.g., similar to [1]) in intermediaries?

My guess would be no. I think it means that the same username/password
combination should be valid throughout the realm. For example,
Digest clients can send cnonce and nonce-count values, so the actual
data sent changes with each request.

--

Robert Sayre

Received on Saturday, 11 March 2006 18:18:18 UTC
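
The Digest point made in the reply above, as an added example that is not part of the original message: the same username/password yields a different Authorization header on every request, because the nonce-count and cnonce feed into the response hash. The `DigestClient` class and its method names are hypothetical, and the sample values are the well-known ones from the RFC 2617 Digest example.

```python
import hashlib
import secrets


def md5_hex(text: str) -> str:
    return hashlib.md5(text.encode("utf-8")).hexdigest()


def digest_response(username, realm, password, method, uri, nonce, nc, cnonce):
    """Request-digest for qop=auth with algorithm=MD5 (RFC 2617, section 3.2.2)."""
    ha1 = md5_hex(f"{username}:{realm}:{password}")   # depends only on the credentials
    ha2 = md5_hex(f"{method}:{uri}")                  # depends only on the request line
    return md5_hex(f"{ha1}:{nonce}:{nc}:{cnonce}:auth:{ha2}")


class DigestClient:
    """Hypothetical minimal client that tracks nonce-count for one server nonce."""

    def __init__(self, username, realm, password, nonce):
        self.username, self.realm, self.password = username, realm, password
        self.nonce = nonce
        self.nonce_count = 0

    def authorization(self, method, uri, cnonce=None):
        self.nonce_count += 1                 # nc increases with every request
        nc = f"{self.nonce_count:08x}"        # 8 hex digits, e.g. 00000001
        cnonce = cnonce or secrets.token_hex(4)
        response = digest_response(self.username, self.realm, self.password,
                                   method, uri, self.nonce, nc, cnonce)
        return (f'Digest username="{self.username}", realm="{self.realm}", '
                f'nonce="{self.nonce}", uri="{uri}", qop=auth, nc={nc}, '
                f'cnonce="{cnonce}", response="{response}"')


if __name__ == "__main__":
    client = DigestClient("Mufasa", "testrealm@host.com", "Circle Of Life",
                          "dcd98b7102dd2f0e8b11d0f600bfb0c093")
    # Same credentials, same realm, same URI: the header bytes still differ.
    print(client.authorization("GET", "/dir/index.html"))
    print(client.authorization("GET", "/dir/index.html"))
```

An intermediary that compared Authorization header bytes against a previously accepted value would never see a match for such a client, even though the credentials behind both requests are identical.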