HTTP Authentication and realms

Peter van Kampen news at woody.datatailors.com
Sat Sep 4 19:07:31 EDT 2004


In comp.lang.python, you wrote:

[snip]

> The bottom line for me is that I don't actually understand what a
> realm is

from: http://www.ietf.org/rfc/rfc2617.txt

"[...] realms allow the protected resources on a server to be partitioned
into a set of protection spaces, each with its own authentication scheme
and/or authorization database. The realm value is a string, generally
assigned by the origin server, which may have additional semantics specific
to the authentication scheme. Note that there may be multiple challenges
with the same auth-scheme but different realms."

> and how http does authentication beyond the first page access - does
> it need the username and password encoded in the headers for access to
> every page in that realm ?

Yes (HTTP is a stateless protocol). Your browser usually remembers your
username and password for 'realms' you've already authenticated for so you
only enter it once but it is sent along with each request.

Hth,

PterK

-- 
Peter van Kampen
pterk -- at -- datatailors.com
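
An added sketch, not part of the original post, of the behaviour the reply describes: a client reads the realm from a Basic challenge, remembers the credentials for that protection space, and attaches an Authorization header to every later request that falls inside it. The names `parse_basic_challenge` and `RealmCredentialCache`, the host `example.test` and the credentials are hypothetical; the path-prefix rule follows RFC 2617 section 2.

```python
import base64
import re

# One quoted challenge parameter, e.g. realm="Staff Area"
_PARAM = re.compile(r'(\w+)\s*=\s*"((?:[^"\\]|\\.)*)"')

def parse_basic_challenge(value):
    """Return the realm of a 'WWW-Authenticate: Basic ...' value, else None."""
    scheme, _, rest = value.strip().partition(" ")
    if scheme.lower() != "basic":
        return None
    params = {k.lower(): re.sub(r"\\(.)", r"\1", v)
              for k, v in _PARAM.findall(rest)}
    return params.get("realm")

class RealmCredentialCache:
    """Hypothetical client-side cache: one credential pair per (origin, realm)."""

    def __init__(self):
        self._creds = {}    # (origin, realm) -> (user, password)
        self._spaces = []   # (origin, path prefix, realm) seen in challenges

    def remember(self, origin, path, realm, user, password):
        # RFC 2617 section 2: paths at or below the challenged one are
        # assumed to belong to the same Basic protection space.
        prefix = path.rsplit("/", 1)[0] + "/"
        self._creds[(origin, realm)] = (user, password)
        self._spaces.append((origin, prefix, realm))

    def authorization_for(self, origin, path):
        """Authorization value to send with this request, or None."""
        hits = [(p, r) for o, p, r in self._spaces
                if o == origin and path.startswith(p)]
        if not hits:
            return None
        _, realm = max(hits, key=lambda h: len(h[0]))  # most specific prefix
        user, password = self._creds[(origin, realm)]
        token = base64.b64encode(f"{user}:{password}".encode()).decode("ascii")
        return "Basic " + token

def demo():
    # Constructed sample: a 401 challenge for /staff/index.html, then two requests.
    cache = RealmCredentialCache()
    realm = parse_basic_challenge('Basic realm="Staff Area"')
    cache.remember("https://example.test", "/staff/index.html", realm, "alice", "s3cret")
    return (cache.authorization_for("https://example.test", "/staff/reports/q1.html"),
            cache.authorization_for("https://example.test", "/public/index.html"))

if __name__ == "__main__":
    print(demo())
```

The token is only base64 of `user:password`, so it is readable by anyone who sees the request unless the connection is encrypted.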



More information about the Python-list mailing list