HTTP Authentication and realms

Michael Foord fuzzyman at
Mon Sep 6 08:47:07 CEST 2004

Peter van Kampen <news at> wrote in message news:< at>...
> In comp.lang.python, you wrote:
> [snip]
> > The bottom line for me is that I don't actually understand what a
> > realm is
> from:
> "[...] realms allow the protected resources on a server to be partitioned
> into a set of protection spaces, each with its own authentication scheme
> and/or authorization database. The realm value is a string, generally
> assigned by the origin server, which may have additional semantics specific
> to the authentication scheme. Note that there may be multiple challenges
> with the same auth-scheme but different realms."
> > and how http does authentication beyond the first page access > - does
> > it need the username and password encoded in the headers for > access to
> > every page in that realm ?
> Yes (HTTP is a stateless protocol). Your browser usually remembers your
> username and password for 'realms' you've already authenticated for so you
> only enter is once but it sent along with each request.
> Hth,
> PterK

Thanks for your help Peter.
I was hoping there was some way round this - but it looks like my CGI
will have to store realm-password information for each user... *rats*



More information about the Python-list mailing list