Question
One thing I am still not clear on is whether my client still needs to include the Authentication value in the http header once he has the session id value. Once the client has authenticated and received the session id value shouldn't that be all they have to return?
I am working with an iPad developer who is far away and I am having a hard time simulating his response locally. The answer to this question would help me a lot.
Solution
Once you have authenticated with the BasicAuthProvider you will have a valid session cookie.
This cookie is required to access the secure resources. The BasicAuthProvider simply extends the CredentialsAuthProvider. See source code here
So make your Basic Auth request to /Auth, this will provide the session cookie, then you can access the secure resources without the Authorization Basic header.
https://stackoverflow.com/questions/22812204
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
Russian