Comments on: Technical note: HTTP Auth with AJAX

By: freelock

freelock — Fri, 20 May 2011 04:15:53 +0000

If you’re using PHP or another language to send the 401, the browser does another request, sending the credentials the next time. Then you can check them and return something else — 403 if they’re bad, for example.

Don’t use the web server authentication module for this…

By: Chase

Chase — Fri, 20 May 2011 03:45:45 +0000

How do you get the server to return an error code OTHER THAN 401 on the 2nd response when the credentials are bad?

By: freelock

freelock — Fri, 04 Feb 2011 18:31:41 +0000

Well, as I understand it, you cannot avoid the first 401 response — your browser will not send credentials until it receives this. However, once your browser has received a 200 response after the 401, it sends the credentials on all subsequent requests (until it gets another 401).

Are your requests being sent before the 200 response comes back?

I’d suggest doing some initial request to establish the credentials that happens before you make any other requests. Then later requests should work fine.

However, I think I did have trouble getting this login process to work correctly in Chrome… I think I had to disable this http login approach because I couldn’t get Chrome to work without throwing up an http auth dialog… This post is 2 1/2 years old!

By: russell

russell — Fri, 04 Feb 2011 02:27:50 +0000

Hello,
I came acroos your post and found it helpfull.
I have a situation where I must make MANY calls from the brower to the beckend. EACh of these calls (and there are over 200) gets a 401 response , and then the bowser sends the credentials.
Do you know of a way to send the credentials on the first request, so as to avvoid the server sending the 401 and the client having to respond with the credebtials?
TIA,
Russell