Re: [Bug 18] no record of consensus for force-authenticate

Geoffrey M Clemm wrote:
> 
> To avoid sending the PUT body twice, why can't a client just
> use the standard HTTP "Expect 100-Continue" header?

It could, but it's a known problem that few servers implement that 
correctly, meaning that the expected header check is indeed skipped (for 
instance, a server using the servlet API normally doesn't have any 
chance doing this check, see 
<http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=4812000>).

> And if a client is proactively checking for authentication preceding
> a series of PUT calls, then having it just perform an initial LOCK/UNLOCK
> to get the credential challenge doesn't seem like an unreasonable overhead
> (2 initial requests).
> 
> So is this just a technique for servers that want to provide this
> capability but don't want to support LOCK?  

Seems so, because LOCK seems to be yet another existing way to get what 
those clients want.

Best regards, Julian

Received on Saturday, 29 October 2005 08:21:27 UTC