

Date: 2002/06/17 15:45

What are the HTTP client headers used in authorization or mod_auth in Perl
Apache? How are they used?

With basic authentication the client sends credential headers to the server
whenever the server requests them. When you start your browser and go to a
password-protected page, the first thing that happens is that the client
sends the request to the server without a password.

The server answers with the error code 401 and sends a header

www-authenticate: basic realm=XYZ

in the answer. The keyword 'basic' means that the server requests basic
authentication, and the realm value identifies the service on the server.
Different services on the same server may require different usernames and
passwords. The keyword XYZ after realm= identifies the service. This
string is also shown in the pop-up window in the browser, and whenever
the same server sends the same realm the client will automatically resend
the same password.

When the server sends this answer for the first time, the client opens
the pop-up window and, after getting the username and password from the
user, resends the request with this header field added:

Authorization: Basic BASE64ENCODEDUNANDPW

where BASE64ENCODEDUNANDPW is actually the string 'username:password',
base64 encoded. Practically this is plain text: base64 is an encoding, not
encryption, so anyone who can see the header can decode it.

I hope this was the answer to your question. mod_auth actually does this.

You can visit


to see a clean Perl implementation of a web client and that may help you
understand how it works even more.
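
The exchange described above, as an added Perl example that is not part of the original answer and is not mod_auth's own code. The function names, user name and password are made up for illustration. It parses the 401 challenge, builds the Authorization header the way a client does, and decodes it again without any key, which is why basic authentication should only be used over an encrypted connection.

```perl
#!/usr/bin/perl
# Added example: both sides of the basic authentication exchange.
use strict;
use warnings;
use MIME::Base64 qw(encode_base64 decode_base64);

# Client side: pull the scheme and realm out of the server's 401 challenge.
# The realm may be bare (as written in the answer above) or double-quoted.
sub parse_challenge {
    my ($line) = @_;
    return unless $line =~
        /^\s*www-authenticate:\s*(\S+)\s+realm\s*=\s*("?)(.*?)\2\s*(?:,|$)/i;
    return (lc $1, $3);
}

# Client side: build the header that is added to the repeated request.
sub authorization_header {
    my ($user, $password) = @_;
    # The second argument '' stops encode_base64 from appending a newline.
    return 'Authorization: Basic '
         . encode_base64(join(':', $user, $password), '');
}

# Server side (or anyone who can read the request): recover the credentials.
sub decode_authorization {
    my ($line) = @_;
    return unless $line =~ /^Authorization:\s*Basic\s+([A-Za-z0-9+\/]+=*)\s*$/i;
    # Split on the first colon only: the password may contain colons itself.
    my ($user, $password) = split /:/, decode_base64($1), 2;
    return unless defined $password;
    return ($user, $password);
}

# Constructed sample exchange; the credentials below are invented.
my ($scheme, $realm) = parse_challenge('www-authenticate: basic realm=XYZ');
print "server asks for '$scheme' credentials for realm '$realm'\n";

my $header = authorization_header('alice', 's3cret:with:colons');
print "$header\n";

my ($user, $password) = decode_authorization($header);
print "decoded with no key at all: user='$user' password='$password'\n";
```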

