HTTP Authentication and realms

Michael Foord fuzzyman at gmail.com
Mon Sep 6 02:47:07 EDT 2004


Peter van Kampen <news at woody.datatailors.com> wrote in message news:<slrncjkilj.8nd.news at woody.datatailors.com>...
> In comp.lang.python, you wrote:
> 
> [snip]
> 
> > The bottom line for me is that I don't actually understand what a
> > realm is
> 
> from: http://www.ietf.org/rfc/rfc2617.txt
> 
> "[...] realms allow the protected resources on a server to be partitioned
> into a set of protection spaces, each with its own authentication scheme
> and/or authorization database. The realm value is a string, generally
> assigned by the origin server, which may have additional semantics specific
> to the authentication scheme. Note that there may be multiple challenges
> with the same auth-scheme but different realms."
> 
> > and how http does authentication beyond the first page access - does
> > it need the username and password encoded in the headers for access to
> > every page in that realm ?
> 
> Yes (HTTP is a stateless protocol). Your browser usually remembers your
> username and password for 'realms' you've already authenticated for so you
> only enter it once, but it is sent along with each request.
> 
> Hth,
> 
> PterK


Thanks for your help Peter.
I was hoping there was some way round this - but it looks like my CGI
will have to store realm-password information for each user... *rats*

Thanks

Fuzzy

http://www.voidspace.org.uk/atlantibots/pythonutils.html
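
The per-realm credential handling discussed in this thread, as an added example that is not part of the original post: a client keeps credentials keyed by realm and URL prefix, reads the realm from each `WWW-Authenticate` challenge, and rebuilds the `Authorization` header for every request. The host `example.invalid`, the credentials, and the helper names `basic_realms`, `authorization_for` and `build_store` are constructed for illustration; `HTTPPasswordMgr` is the Python 3 standard-library class.

```python
import base64
import re
from urllib.request import HTTPPasswordMgr

# Matches one `Basic realm="..."` challenge inside a WWW-Authenticate value.
_BASIC_CHALLENGE = re.compile(r'Basic\s+realm="((?:[^"\\]|\\.)*)"', re.IGNORECASE)


def basic_realms(www_authenticate):
    """Return the realm of every Basic challenge in a WWW-Authenticate value."""
    return [re.sub(r'\\(.)', r'\1', m) for m in _BASIC_CHALLENGE.findall(www_authenticate)]


def authorization_for(store, url, www_authenticate):
    """Build the Authorization value for the first realm we hold credentials for.

    Returns (realm, header_value), or (None, None) when nothing stored matches
    both the challenged realm and the URL prefix it was registered under.
    """
    for realm in basic_realms(www_authenticate):
        user, password = store.find_user_password(realm, url)
        if user is not None:
            # Basic is base64 encoding, not encryption: the password travels
            # with every request, so the connection itself must be TLS.
            token = base64.b64encode(f"{user}:{password}".encode("utf-8")).decode("ascii")
            return realm, "Basic " + token
    return None, None


def build_store():
    # Constructed credentials: one server, two protection spaces (realms).
    store = HTTPPasswordMgr()
    store.add_password("members", "https://example.invalid/members/", "fuzzy", "s3cret")
    store.add_password("admin", "https://example.invalid/admin/", "fuzzy", "other-pw")
    return store


if __name__ == "__main__":
    store = build_store()
    # Constructed 401 challenges, one per request, since HTTP keeps no session.
    for url, challenge in [
        ("https://example.invalid/members/page1", 'Basic realm="members"'),
        ("https://example.invalid/members/page2", 'Basic realm="members"'),
        ("https://example.invalid/admin/", 'Basic realm="admin"'),
        ("https://example.invalid/other/", 'Basic realm="unknown"'),
    ]:
        print(url, "->", authorization_for(store, url, challenge))
```

Because the store matches on both realm and URL prefix, a challenge that names the "members" realm from a URL outside `/members/` gets no credentials.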


