Browser does not send `Authorization` header set to URL depth for root URL

When I request an HTTP Basic Auth user from a specific URL, the browser only sends the `Authorization` header for this and some other URLs.

Testing a script written in PHP: http://testauth.veadev.tk/

There are three URLs for requesting credentials (you can use any random). Logout (resets the current credentials after clicking the "Cancel" button in the browser authorization form, does not work in IE). Links to the root url and some deeper urls.

Questions:

  • Why doesn't the browser send the `Authorization` header to the `/` URL if `HTTP/1.0 401 Unauthorized` was sent to `/system/dev`? To repeat: open a clean http://testauth.veadev.tk/ , click Auth2, enter all credentials, then you will be redirected to `/`. You will see `Auth: null`, which means that the credential header was not sent by the browser.

  • Why does the browser send the `Authorization` header to `/` if `HTTP/1.0 401 Unauthorized` was sent to `/dev`? To repeat: open http://testauth.veadev.tk/ , click Auth1, enter all the credentials, then you will go to `/`. You will see something like `Auth: string 'Basic dHQ6dHQ=' (length=14)`, which means the credential header was sent by the browser.

  • Auth1, Root . ?

  • Auth3 (/some/deep/and/long/url), Page3 (/some/deep/and/long/3) . ?

, Logout, Cancel Auth Root, (Firefox, Google Chrome).

Authorization?

+4
1

RFC 2617, 2 :

, Request-URI , . .

Digest Challenge, 3.2 , domain WWW-Authenticate, , . - domain=/. , , ; , .

+1
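The scoping rule from RFC 2617 section 2, applied to the paths in the question, as an added example that is not part of the original post. It assumes a client that follows the rule literally (Basic credentials are reused for every path at or below the directory of the challenged Request-URI); the helper names and the `example.invalid` base are hypothetical.

```javascript
// Added example: which requests get a preemptive Basic Authorization header.
// Assumption: the client applies RFC 2617 section 2 literally.

const BASE = 'http://example.invalid'; // placeholder origin, only used for parsing

// Directory prefix of the challenged Request-URI: the path up to and
// including its last "/" (query string and fragment are ignored).
function protectionPrefix(requestUri) {
  const path = new URL(requestUri, BASE).pathname;
  return path.slice(0, path.lastIndexOf('/') + 1);
}

// True if credentials obtained from a 401 at challengedUri may be sent
// preemptively with a request for targetUri.
function sendsPreemptively(challengedUri, targetUri) {
  const target = new URL(targetUri, BASE).pathname;
  return target.startsWith(protectionPrefix(challengedUri));
}

// Evaluate every (challenge, target) pair and return one row per pair.
function scopeTable(challenges, targets) {
  const rows = [];
  for (const [label, uri] of Object.entries(challenges)) {
    for (const target of targets) {
      rows.push({
        challenge: label,
        prefix: protectionPrefix(uri),
        target,
        headerSent: sendsPreemptively(uri, target),
      });
    }
  }
  return rows;
}

// Paths taken from the question's test page.
const challenges = {
  Auth1: '/dev',
  Auth2: '/system/dev',
  Auth3: '/some/deep/and/long/url',
};
const targets = ['/', '/some/deep/and/long/3'];

console.table(scopeTable(challenges, targets));
```

A server that needs credentials on `/` should therefore issue its 401 challenge at a path whose directory is `/`, rather than relying on a challenge issued deeper in the tree.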

Source: https://habr.com/ru/post/1534610/

