HTTP Authentication and realms

Michael Foord fuzzyman at gmail.com
Mon Sep 6 08:47:07 CEST 2004


Peter van Kampen <news at woody.datatailors.com> wrote in message news:<slrncjkilj.8nd.news at woody.datatailors.com>...
> In comp.lang.python, you wrote:
> 
> [snip]
> 
> > The bottom line for me is that I don't actually understand what a
> > realm is
> 
> from: http://www.ietf.org/rfc/rfc2617.txt
> 
> "[...] realms allow the protected resources on a server to be partitioned
> into a set of protection spaces, each with its own authentication scheme
> and/or authorization database. The realm value is a string, generally
> assigned by the origin server, which may have additional semantics specific
> to the authentication scheme. Note that there may be multiple challenges
> with the same auth-scheme but different realms."
> 
> > and how http does authentication beyond the first page access > - does
> > it need the username and password encoded in the headers for > access to
> > every page in that realm ?
> 
> Yes (HTTP is a stateless protocol). Your browser usually remembers your
> username and password for 'realms' you've already authenticated for so you
> only enter is once but it sent along with each request.
> 
> Hth,
> 
> PterK


Thanks for your help Peter.
I was hoping there was some way round this - but it looks like my CGI
will have to store realm-password information for each user... *rats*

Thanks

Fuzzy

http://www.voidspace.org.uk/atlantibots/pythonutils.html



More information about the Python-list mailing list