HTTP Basic Authentication
- have to send username & pass for every request
- can't log out unless you close the browser
- (no way to invalidate the session from the server side)
- unless you change their password?
Why do you have to base64 encode the username and password
to escape special characters
Cons
- no way to invalidate sessions
- except to change their password on them
- or implement black lists
- which is basically implementing sessions
Last update:
2023-04-24