I have Nginx webserver with PAM module for basic authentication, and the client side is the javascript. I have to fix one security issue, where we want to stop sending authorization header from browser on the subsequent request. After the first authentication , I want browser to send cookie instead of authorization header for authentication purpose. What is the way to achieve the same.
Asked
Active
Viewed 185 times
0
-
I don't think it is possible. – Ivan Shatsky Feb 17 '22 at 19:59
-
Any way to fix it, like make browser not send authorization header and send cookie? like in javascript or settings etc. I want it same behavior like curl where when sent cookie it sends cookie, if cookie not present send authorization header – supritha Feb 18 '22 at 06:28
-
I think after the basic auth is passed the browser will continue to send an auth header with the every request to the same server until being restarted. It may be worth to read [this](https://stackoverflow.com/questions/233507/how-to-log-out-user-from-web-site-using-basic-authentication) thread. – Ivan Shatsky Feb 18 '22 at 06:36