[mod_python] Controlling authentication at run-time

Jorey Bump list at joreybump.com
Tue May 18 16:27:45 EDT 2004

Diener, Edward wrote:

> Why would the browser hide this action from me, producing no prompt ?

For the sake of convenience. A browser must prompt for the login when it 
first encounters a location protected by HTTP Basic Authentication, 
since it doesn't know the user/password. Obviously, anyone could program 
a browser that simply caches this information for later reuse, but 
convention requires that the browser forgets this information when you 
close it. In fact, many will offer to save these values for future use 
(a potentially dangerous practice).

Why is this behavior important? Pick any modern password-protected web 
site and count the number of dependent files that must be loaded to 
render the page, such as images, stylesheets, javascript sources, etc. 
If your browser didn't remember your login, you would be prompted for 
every single one of those files. The site would be practically unusable.

More information about the Mod_python mailing list