cURL / Mailing Lists / curl-library / Single Mail

curl-library

Re: Authentication credentials ignored after second incorrect request

From: Daniel Stenberg <daniel_at_haxx.se>
Date: Tue, 12 Jul 2011 23:33:53 +0200 (CEST)

On Mon, 11 Jul 2011, abc def wrote:

> using the wrong user:password on purpose for testing. The first request is
> correctly challenged with a 401 + Authenticate header. The challenge
> response correctly consists of the Authorization header. As the password
> supplied is wrong, I send a 401 + Authenticate header again. This results
> in an "Authentication problem. ignoring..."

> I want to know if the simulated client(curl) is written to behave this way
> or if Im doing something wrong. I am of the opinion that is should have
> responded with the authorization header again.

Sorry but I don't understand. Why would it respond again? When you sent back
the 401 again it was a signal that the password is wrong, sending it again
from the client won't help! It needs to fail to the user so that the user can
provide a new password and a second attempt can be made.

-- 
  / daniel.haxx.se
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette:  http://curl.haxx.se/mail/etiquette.html
Received on 2011-07-12