Link: http://trac.tools.ietf.org/wg/httpbis/trac/ticket/78
Origin: http://www.w3.org/mid/5A4607FB-6F74-4C7F-BF60-37E0EFEC97DF@yahoo-inc.com
Component: p7-auth
Are these mechanisms exclusive? I.e., can they only be used together, or can a cookie-based authentication scheme (for example) use 401?
I don't think I understand this ticket. Is it an issue or a discussion item?
401 requires WWW-Authenticate. 401 is specifically designed to signal the use of HTTP authentication. I don't think it makes any sense to use it for cookie-based authentication, since the client is completely unaware that the cookies are being used for auth.