Page tree

Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Add links to HTTP Auth specifications of 2015 (Digest and Basic)

...

 HTTP - Related Specifications

BASIC and DIGEST authentication methods

RFC 2068 (January 1997) - Hypertext Transfer Protocol -- HTTP/1.1 - obsolete, replaced by 2616
RFC 2069 (January 1997) - An Extension to HTTP : Digest Access Authentication - obsolete, replaced by 2617".
The authentication as a whole and the BASIC authentication method were defined in RFC 2068 ch.11. The DIGEST authentication method was defined in RFC 2069.

RFC 2617 (June 1999) - HTTP Authentication: Basic and Digest Access Authentication "- obsolete,
It covers BASIC and DIGEST authentication methodsIt was updated by RFC 7235

RFC 7616 (September 2015) - HTTP Digest Access Authentication
RFC 7617 (September 2015) - The 'Basic' HTTP Authentication Scheme

See also RFC 7235 (obsolete), RFC 7615 (obsolete), RFC 9110.

RFC 6265

"HTTP State Management Mechanism"

The specification about cookies. It is implemented by org.apache.tomcat.util.http.Rfc6265CookieProcessor that is available since Tomcat 8.0.15 and is the default one starting with Tomcat 8.5.0. See also "Cookies" page in "Development and Development Issues / Archive" on this wiki.

Obsolete specifications: RFC2109, RFC 2965.

RFC 6266

"Use of the Content-Disposition Header Field in the Hypertext Transfer Protocol (HTTP)"

Content-Disposition header is used by file uploads. See also Bug 59115

draft-thomson-hybi-http-timeout-03

"Hypertext Transfer Protocol (HTTP) Keep-Alive Header". A draft of specification.

Support for sending a Keep-Alive response header was added in Tomcat 8.5.48, 9.0.29 — Bug 63835. This feature can be turned off via an attribute on HTTP/1.1 Connector.

...