Browser Side Access Authorization Description
The exact browser side Access Authorization procedures are described
in the corresponding protection scheme specification:
During a browsing session the client side keeps track on the hosts,
schemes, and the corresponding usernames and passwords. Because the
browser keeps track of this authorization information, on subsequent
requests to servers that it has contacted already during a particular
browsing session, the browser can automatically send the authorization
information
- without first failing to access the document, and
- without having to re-prompt for the username and password from the user.
How Does the Browser Know When to Send AA Info
The protected documents are to be collected to directories of
protected documents. In those directories there should be only
protected documents, all of which are protected by the same scheme.
The browser can then use this assumption to make the decision about
whether to send authorization information along with the request:
If the servers replies 401 (Unauthorized) for some file, every
other file in that directory and in its subdirectories is
considered protected by that same server (and shceme).
The 'directory' in this context means what seems to be a directory
when examining a given URL.
AL 12 December 1993