- From: <wyllys@reston.ans.net>
- Date: Fri, 14 Mar 1997 11:23:28 -0500 (EST)
- To: Dave Kristol <dmk@research.bell-labs.com>
- Cc: http-wg@cuckoo.hpl.hp.com
I beleive that UA's are supposed to send it every time as long as it is going through the same proxy. MSIE has at least one bug relating to the Proxy-Authorization where it does not send it in some circumstances. There may be others. For example: If you have never "proxy-authenticated" previously and you request a non-HTTP URL, if the proxy responds asking for Proxy-Authorization MSIE 3.01 will not respond at all. This bug is known by MS (I spoke with them just the other day) and should be fixed in the next release. The whole benefit of Proxy-Auth would be lost if it was only sent once and never again. Users would be constantly bombarded with requests to re-authenticate every time a URL request was made to the proxy unless the proxy somehow maintained some sort of state between connections and knew how to associate old authorization credentials with each new request. -- Wyllys Ingersoll ANS Communications Reston, VA > > An application I'm working on depends on a user agent's sending the > Proxy-Authorization header to a proxy every time once authentication > has been requested (and is successful). Netscape does so; MSIE 3.01 > does not. > > The HTTP/1.1 spec. is silent about whether a UA must send the header > every time. I would like to know what the intended behavior is. If > "every time" is the intended behavior, the spec. needs to be > clarified. > > Dave Kristol > >
Received on Friday, 14 March 1997 08:25:44 UTC