[Melbourne-pm] Web auth meth

Patrick Donelan pat at patspam.com
Wed Sep 10 17:51:47 PDT 2008

 Hi Tim,

3. the onsubmit handler sends XMLHttpRequest with the appropriate
>> auth-headers set using those form fields
> Nice interesting solution. I will play with that. How well does that work
> on IE6?
> Mind you I still would not use it, as it supports no safe logout and no
> ability to timeout or logout from the server end.

Putting the username and password into the URL as described is officially
unsupported <http://support.microsoft.com/kb/834489> in IE, and only works
(unofficially) in some versions.

You'll get a lot better mileage if you use the last two optional arguments
in the XmlHttpRequest open() method to specify username and password.
Otherwise you'll find that you can't override Auth headers that the browser
decides to set, at least for Basic Auth (I haven't tried it with Digest). I
explore some of this issues in my RESTful Web
on the ExtJS wiki.

Really interested to see what you end up implementing, so keep us posted!


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.pm.org/pipermail/melbourne-pm/attachments/20080911/2e872fb1/attachment.html>

More information about the Melbourne-pm mailing list