Christoph Landwehr wrote at 2004-3-15 20:53 +0100:
... If I log in in the (let's say) root-folder, an the view a document below root, I am authenticated, no matter if the object needs authentication or not. I understand that the autentication is being aquired.
If I log in at object B (authentication required) and than view document A (no authentication) an the same level, I am NOT authenticated (not on aquisition path). But I can view third document (authentication required) on the same level without being asked for an authentication again, although it is not in the aquisition path of the first object.
That's a bit confusing (for me)
This is what the HTTP 1.1 specification suggests to do... There is also some motivation given for these suggestions ... -- Dieter