Haxx ad

curl's project page on


cURL > Mailing List > Monthly Index > Single Mail

curl-users Mailing List Archives

Re: Re: Re: problem with http basic authentication and multiple redirects

From: <>
Date: Wed, 26 Nov 2008 21:36:37 +0100

> > There's still a problem: curl sends the basic authentication header
> > again and again on all subsequent redirected GETs.
>> I don't think it should be doing that unless you are using the
>> --location-trusted option.
> Under exactly what conditions are you
> finding this happens?

The circumstances are:
The redirects are always staying on the same host.
And it's always https.

I used the --anyauth and --location options, but not --location-trusted.
(and --user, --socks4a, --cookie-jar, -o, -v, -k)

As far as I remember, the sequence is now (I can provide some information
from the -v output tomorrow.)

#1 (original path)
GET /path/app?par=filename

HTTP/1.x 302 Moved Temporarily
Location: /basicbcaaa/protected/basicbcaaa/?par=BASE64ENCODEDSESSION==

#2 (redirect to sign on application)
GET /basicbcaaa/protected/basicbcaaa/?par=BASE64ENCODEDSESSION==

HTTP/1.x 401 Unauthorized
WWW-Authenticate: BASIC realm="WWW2 basic"

#3 (sign on)
GET /basicbcaaa/protected/basicbcaaa/?par=BASE64ENCODEDSESSION==
Authorization: Basic aBcDeFaBcDeFaBcDeFaBcDeF

HTTP/1.x 302 Moved Temporarily
Location: /path/app?par=filename;cookiename=cookievalue
Set-Cookie: SSOCookie=BASE64ENCODED-SSOTOKEN==; Path=/

#4 (redirect to original application, with session id)
GET /path/app?par=filename;somename=somevalue
Authorization: Basic aBcDeFaBcDeFaBcDeFaBcDeF

HTTP/1.x 302 Moved Temporarily
Location: /path/app?par=filename

#5 (again, original request, this time with some cookies)
GET /path/app?par=filename
Authorization: Basic aBcDeFaBcDeFaBcDeFaBcDeF

HTTP/1.x 200 OK
Content-Type: application/x-download

List admin:
Received on 2008-11-26

These mail archives are generated by hypermail.

donate! Page updated November 12, 2010.
web site info

File upload with ASP.NET