HTTP basic authentication

Written on 3 November 2013, 12:28pm


A few notes:

– it only uses HTTP headers
– it does not encrypt the username:password pair; it only base64-encodes it to obtain a single-line string (think about a password containing two newlines 🙂 )
– so using it over HTTPS is highly recommended
– if this is not possible, then HTTP digest authentication should be used instead
– initially, the server responds with an HTTP 401 Unauthorized response code
– the browser must send the HTTP headers with every subsequent request, so it has to cache the credentials
– the web server does not provide a ‘log out’ mechanism; each browser has its own way of logging out. Example for Chrome: load
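
The points above as an added example (not code from the original post): both sides of the exchange, showing that anyone who captures the header recovers the password with a plain base64 decode. The function names, the realm `example` and the constant-time comparison are assumptions of this sketch.

```python
import base64
import hmac


def encode_basic(username: str, password: str) -> str:
    """Client side: the Authorization header value sent with every request."""
    token = base64.b64encode(f"{username}:{password}".encode("utf-8"))
    return "Basic " + token.decode("ascii")


def decode_basic(header_value: str):
    """Recover (username, password) from an Authorization header value.

    No key is involved: this is all an eavesdropper on plain HTTP needs.
    Returns None when the value is not well-formed Basic credentials.
    """
    scheme, _, token = header_value.partition(" ")
    if scheme.lower() != "basic" or not token:
        return None
    try:
        raw = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except ValueError:  # covers binascii.Error and UnicodeDecodeError
        return None
    # Split on the first colon only: the password may contain colons.
    username, sep, password = raw.partition(":")
    return (username, password) if sep else None


def check_request(headers: dict, user: str, password: str):
    """Server side: return (status, response_headers) for one request."""
    creds = decode_basic(headers.get("Authorization", ""))
    if creds is not None:
        # Constant-time comparison (an addition of this sketch).
        user_ok = hmac.compare_digest(creds[0].encode(), user.encode())
        pass_ok = hmac.compare_digest(creds[1].encode(), password.encode())
        if user_ok and pass_ok:
            return 200, {}
    # No or wrong credentials: challenge, so the browser prompts the user.
    return 401, {"WWW-Authenticate": 'Basic realm="example"'}


if __name__ == "__main__":
    # Constructed sample: a password with two newlines and a colon.
    header = encode_basic("bob", "a\n\nb:c")
    print(header)                # one line, safe to place in a header
    print(decode_basic(header))  # credentials recovered in clear text
```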

More details on the Wikipedia page:
HTTP Digest Access Authentication:
How to set up HTTP Basic Authentication in Apache:
