Re: Minutes of 1/21 editorial teleconference...

>>>>> "BL" == Ben Laurie <> writes:

BL> I've just glanced through this, perhaps I've missed something. If nonces
BL> are going to be time-limited, we need a response that means "your nonce
BL> has expired" so the user is not prompted for a password again.

  It's in there... the server sends a 401 response, with the
  WWW-Authenticate header to provide nonce and 'stale=true' to
  indicate that it was the expired nonce that was the problem rather
  than the credentials.

Scott Lawrence           EmWeb Embedded Server       <>
Agranat Systems, Inc.        Engineering  

Received on Thursday, 22 January 1998 06:17:49 UTC