Reputation: 6004
The image below depicts basic HTTP authentication. The client requests the /family resource and is asked to identify itself. It does, and now it can access /family. The client then also asks for the /family/photos/kids resource, which is in the family realm.

The client already identified itself for the /family resource, but not also for /family/photos/kids. They are in the same realm, but the server doesn't know that the same client issued the request. Or does it? How does the server know that this particular client is also allowed to access /family/photos/kids on a subsequent request? Are the password and username sent on every request after the user has authenticated? Is the client asked via a pop-up for every request he/she makes? Are cookies set upon first authentication?
Upvotes: 6
Views: 3013
Reputation: 39241
Basic authentication requires a header sent by the client. No cookies or server session.

When the client requests a resource, it sends the Authorization header:

    GET /family
    Authorization: Basic token

where token is base64(username:password): the username, followed by ':' and the password, encoded in base64.

If you are requesting a protected resource from your browser, for example with a GET request, and you do not provide the header, the browser shows the authentication form and remembers it for subsequent requests in the same domain.
Upvotes: 7
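The exchange the answer describes, as an added example that is not part of the original question or answer: a client-side helper that builds the Authorization header, and a server-side check that judges every request purely on that header, so the second request for /family/photos/kids gets a fresh 401 challenge unless the client sends the credentials again. The user store, realm name and request sequence are constructed for the example; a real server would store salted password hashes rather than plain text.

```python
import base64
import hmac

# Constructed credential store for the example only. A real server would keep
# a salted hash per user and compare hashes, never the plain password.
USERS = {"alice": "s3cret"}
REALM = "family"  # assumed realm name, matching the question's example


def build_authorization_header(username: str, password: str) -> str:
    """Client side: 'Basic ' + base64(username ':' password)."""
    raw = f"{username}:{password}".encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")


def check_basic_auth(headers: dict) -> tuple:
    """Server side for one request.

    Returns (status, response_headers). Only the Authorization header of
    *this* request is consulted: there is no session, cookie or memory of
    earlier requests, which is the point of the answer above.
    """
    challenge = {"WWW-Authenticate": f'Basic realm="{REALM}"'}
    value = headers.get("Authorization")
    if value is None or not value.startswith("Basic "):
        return 401, challenge
    try:
        decoded = base64.b64decode(value[len("Basic "):], validate=True).decode("utf-8")
    except (ValueError, UnicodeDecodeError):
        return 400, {}
    # Split on the FIRST colon only: usernames may not contain ':', but
    # passwords may, so everything after the first colon is the password.
    username, sep, password = decoded.partition(":")
    if not sep:
        return 400, {}
    # Compare against a dummy when the user is unknown so the timing of the
    # check does not reveal which usernames exist.
    expected = USERS.get(username, "\0")
    if not hmac.compare_digest(expected.encode("utf-8"), password.encode("utf-8")):
        return 401, challenge
    return 200, {}


def simulate_exchange() -> list:
    """Replay the question's sequence of requests against the server check."""
    log = []
    auth = build_authorization_header("alice", "s3cret")

    # 1. /family without credentials: the server challenges.
    status, _ = check_basic_auth({})
    log.append(("GET /family", "no header", status))

    # 2. /family with the header: allowed.
    status, _ = check_basic_auth({"Authorization": auth})
    log.append(("GET /family", "with header", status))

    # 3. /family/photos/kids without the header: challenged again, because the
    #    server kept nothing from request 2.
    status, _ = check_basic_auth({})
    log.append(("GET /family/photos/kids", "no header", status))

    # 4. The browser resends the cached credentials for the same realm, so the
    #    header is present again and the request succeeds.
    status, _ = check_basic_auth({"Authorization": auth})
    log.append(("GET /family/photos/kids", "with header", status))
    return log


if __name__ == "__main__":
    for path, note, status in simulate_exchange():
        print(f"{path:<24} {note:<12} -> {status}")
```

Step 3 is what makes the "the server doesn't know" intuition correct: the only reason the browser is not prompting again is that it caches the credentials per realm and attaches the header itself, not that the server remembers the client. Rejecting a malformed header with 400 rather than 401 keeps the two failure modes (unparseable vs. wrong credentials) distinguishable in logs.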