Http digest authentication

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view

Http digest authentication

Damian Gruber

I'm implementing a server which does digest access authentication (RFC 2617), and tried to test it using firefox as a client.
I have two questions regarding the firefox implementation of digest access authentication.

1) When the server's response contains a WRONG rspauth field, how does the firefox client react?
Does it notify the user about the fact that the server didn't properly authenticate itself?

2) If the user tries to access "/login", the server sends back a response which contains the following field in the WWW-Authenticate header:
domain="/login /protected"
After a successful authentication, the user then tries to access this url
Firefox also sends the Authorization header for this request, even if this url is not in the list from the WWW-Authenticate header, right?

3) Is there some debug output from Firefox, which I can access?

dev-tech-network mailing list
[hidden email]