I'm implementing a server which does digest access authentication (RFC 2617), and tried to test it using firefox as a client.
I have two questions regarding the firefox implementation of digest access authentication.
1) When the server's response contains a WRONG rspauth field, how does the firefox client react?
Does it notify the user about the fact that the server didn't properly authenticate itself?
2) If the user tries to access "/login", the server sends back a response which contains the following field in the WWW-Authenticate header:
After a successful authentication, the user then tries to access this url
Firefox also sends the Authorization header for this request, even if this url is not in the list from the WWW-Authenticate header, right?
3) Is there some debug output from Firefox, which I can access?