Message98115
| Author |
dieresys |
| Recipients |
akuchling, bwmcadams, dieresys, georg.brandl, jjlee, orsenthil |
| Date |
2010年01月21日.21:53:51 |
| SpamBayes Score |
0.011074212 |
| Marked as misclassified |
No |
| Message-id |
<1264110836.58.0.138617444311.issue2202@psf.upfronthosting.co.za> |
| In-reply-to |
| Content |
Here is a patch for supporting MD5-sess, following RFC2617 specification.
Some comments/warnings:
* I've only tested the patch against IIS 6.0. I don't know about other servers supporting MD5-sess.
* IIS 6.0 expects the User Agent to send the URI (in the Authorization header) without the query string.
* This patch doesn't add support for Digest sessions. For each request we make, we get a new [401|407] message with a new nonce (depending if we're talking about a proxy with digest authentication or a web server). Then we generate another authenticated request using that nonce. For Digest sessions to be fully supported, we should be adding an [WWW|Proxy]-Authenticate header in each following request we made to the server using the last nonce. This includes both MD5-sess and MD5 digest implementations.
* A1 is being recalculated for every request. Given the above, this is not a real problem.
I'll open a new ticket regarding Digest sessions. |
|