[mod_python] Controlling authentication at run-time

Michael S. Fischer michael at dynamine.net
Tue May 18 13:19:42 EDT 2004


Diener, Edward writes:

> Why would the browser hide this action from me, producing no prompt ?

The browser caches credentials so that the user doesn't have to
re-authenticate every time he requests a page in the same authentication
realm during the same session.   

To do so otherwise would make the web browsing experience very annoying:
Imagine having to re-enter your user ID and password every time you changed
pages during a web banking session.

Note that this behavior was present in Web browsers even before Netscape
introduced cookies.

--Michael



More information about the Mod_python mailing list