Connected: An Internet Encyclopedia
14.8 Authorization
Up:
Connected: An Internet Encyclopedia
Up:
Requests For Comments
Up:
RFC 2068
Up:
14 Header Field Definitions
Prev: 14.7 Allow
Next: 14.9 Cache-Control
14.8 Authorization
14.8 Authorization
A user agent that wishes to authenticate itself with a server--
usually, but not necessarily, after receiving a 401 response--MAY do
so by including an Authorization request-header field with the
request. The Authorization field value consists of credentials
containing the authentication information of the user agent for the
realm of the resource being requested.
Authorization = "Authorization" ":" credentials
HTTP access authentication is described in section 11. If a request
is authenticated and a realm specified, the same credentials SHOULD
be valid for all other requests within this realm.
When a shared cache (see section 13.7) receives a request containing
an Authorization field, it MUST NOT return the corresponding response
as a reply to any other request, unless one of the following specific
exceptions holds:
- If the response includes the "proxy-revalidate" Cache-Control
directive, the cache MAY use that response in replying to a
subsequent request, but a proxy cache MUST first revalidate it with
the origin server, using the request-headers from the new request
to allow the origin server to authenticate the new request.
- If the response includes the "must-revalidate" Cache-Control
directive, the cache MAY use that response in replying to a
subsequent request, but all caches MUST first revalidate it with
the origin server, using the request-headers from the new request
to allow the origin server to authenticate the new request.
- If the response includes the "public" Cache-Control directive, it
may be returned in reply to any subsequent request.
Next: 14.9 Cache-Control
Connected: An Internet Encyclopedia
14.8 Authorization