<div dir="ltr">
<div class="gmail_quote"><div>Hi Tim,<br><br></div><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;"><div class="Ih2E3d"><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
3. the onsubmit handler sends XMLHttpRequest with the appropriate auth-headers set using those form fields<br>
</blockquote>
<br></div>
Nice interesting solution. I will play with that. How well does that work on IE6?<br>
Mind you I still would not use it, as it supports no safe logout and no ability to timeout or logout from the server end.<div class="Ih2E3d"></div></blockquote><div><br>Putting the username and password into the URL as described is <a href="http://support.microsoft.com/kb/834489">officially unsupported</a> in IE, and only works (unofficially) in some versions.<br>
</div></div><br>You'll get a lot better mileage if you use the last two optional arguments in the XmlHttpRequest open() method to specify username and password. Otherwise you'll find that you can't override Auth headers that the browser decides to set, at least for Basic Auth (I haven't tried it with Digest). I explore some of this issues in my <a href="http://extjs.com/learn/Manual:RESTful_Web_Services#HTTP_Authentication">RESTful Web Services</a> article on the ExtJS wiki.<br>
<br>Really interested to see what you end up implementing, so keep us posted!<br><br>Cheers,<br><br>Patrick<br></div>