Author dieresys
Recipients akuchling, bwmcadams, dieresys, georg.brandl, jjlee, orsenthil
Date 2010-01-21.21:53:51
SpamBayes Score 0.0110742
Marked as misclassified No
Message-id <>
Here is a patch for supporting MD5-sess, following RFC2617 specification.

Some comments/warnings:
 * I've only tested the patch against IIS 6.0. I don't know about other servers supporting MD5-sess.
 * IIS 6.0 expects the User Agent to send the URI (in the Authorization header) without the query string.
 * This patch doesn't add support for Digest sessions. For each request we make, we get a new [401|407] message with a new nonce (depending if we're talking about a proxy with digest authentication or a web server). Then we generate another authenticated request using that nonce. For Digest sessions to be fully supported, we should be adding an [WWW|Proxy]-Authenticate header in each following request we made to the server using the last nonce. This includes both MD5-sess and MD5 digest implementations.
 * A1 is being recalculated for every request. Given the above, this is not a real problem.

I'll open a new ticket regarding Digest sessions.
Date User Action Args
2010-01-21 21:53:56dieresyssetrecipients: + dieresys, akuchling, georg.brandl, jjlee, orsenthil, bwmcadams
2010-01-21 21:53:56dieresyssetmessageid: <>
2010-01-21 21:53:55dieresyslinkissue2202 messages
2010-01-21 21:53:54dieresyscreate