This is an archived snapshot of W3C's public bugzilla bug tracker, decommissioned in April 2019. Please see the home page for more details.

Bug 23706 - authentication entry scope
Summary: authentication entry scope
Status: RESOLVED FIXED
Alias: None
Product: WHATWG
Classification: Unclassified
Component: Fetch (show other bugs)
Version: unspecified
Hardware: PC All
: P2 normal
Target Milestone: Unsorted
Assignee: Anne
QA Contact: sideshowbarker+fetchspec
URL:
Whiteboard: blocked on insufficient interest
Keywords:
Depends on:
Blocks: 26556
  Show dependency treegraph
 
Reported: 2013-11-01 17:16 UTC by Anne
Modified: 2014-11-03 10:50 UTC (History)
1 user (show)

See Also:


Attachments

Description Anne 2013-11-01 17:16:47 UTC
We need to be clearer about the persistence of this. E.g. tie it to some kind of session concept. And maybe document risks and learned lessons at some point.
Comment 1 Anne 2013-11-05 17:57:16 UTC
I guess saying the user agent can cache it for this URL is good enough. Session concept seems to be something user agent specific that has not made its way into specifications yet. (See e.g. HSTS for something else that just ties it to the user agent.)
Comment 2 Anne 2014-05-21 13:45:34 UTC
http://tools.ietf.org/html/draft-ietf-httpbis-p7-auth-26#section-2.2 seems clear enough...