Comment: Add a link to RFC 9218.


BASIC and DIGEST authentication methods

RFC 2068 (January 1997) - Hypertext Transfer Protocol -- HTTP/1.1 - obsolete, replaced by 2616
RFC 2069 (January 1997) - An Extension to HTTP : Digest Access Authentication - obsolete, replaced by 2617.
HTTP authentication as a whole and the BASIC authentication method were defined in RFC 2068, ch. 11. The DIGEST authentication method was defined in RFC 2069.

RFC 2617 (June 1999) - HTTP Authentication: Basic and Digest Access Authentication - obsolete,
It covers the BASIC and DIGEST authentication methods.

RFC 7616 (September 2015) - HTTP Digest Access Authentication
RFC 7617 (September 2015) - The 'Basic' HTTP Authentication Scheme

See also RFC 7235 (obsolete), RFC 7615 (obsolete), RFC 9110.

RFC 6265

"HTTP State Management Mechanism"

The specification for cookies. It is implemented by org.apache.tomcat.util.http.Rfc6265CookieProcessor, which has been available since Tomcat 8.0.15 and is the default cookie processor starting with Tomcat 8.5.0. See also the "Cookies" page in "Development and Development Issues / Archive" on this wiki.

Obsolete specifications: RFC 2109, RFC 2965.

RFC 6266

"Use of the Content-Disposition Header Field in the Hypertext Transfer Protocol (HTTP)"

The Content-Disposition header is used by file uploads. See also Bug 59115.


"Hypertext Transfer Protocol (HTTP) Keep-Alive Header". A draft of the specification.

Support for sending a Keep-Alive response header was added in Tomcat 8.5.48, 9.0.29 — Bug 63835. This feature can be turned off via an attribute on the HTTP/1.1 Connector.

RFC 9218 (June 2022)

"Extensible Prioritization Scheme for HTTP"

Defines a prioritization scheme and priority signals. It is to be used in HTTP/2 as a replacement for the original specification of stream priority signals (defined by RFC 7540), which was later deprecated by RFC 9113 (section 5.3.2).

Not yet implemented by Apache Tomcat. (As of December 6th 2022)

See discussion.


The AJP protocol specification lives on the Apache Tomcat Connector web site.