What is the realm in basic authentication

Question

I m setting up basic authentication on a php site and found this page on the php manual showing the set up   What does  realm  mean here in the header    header  WWW-Authenticate  Basic realm  My Realm       Is it the page page being requested

User · Answer

A realm can be seen as an area  not a particular page  it could be a group of pages  for which the credentials are used  this is also the string that will be shown when the browser pops up the login window  e g      Please enter your username and password for  lt realm name gt     When the realm changes  the browser may show another popup window if it doesn t have credentials for that particular realm

User · Answer

According to the RFC 7235  the realm parameter is reserved for defining protection spaces  set of pages or resources where credentials are required  and it s used by the authentication schemes to indicate a scope of protection    For more details  see the quote below  the highlights are not present in the RFC       2 2   Protection Space  Realm       The  realm  authentication parameter is reserved for use by     authentication schemes that wish to indicate a scope of protection       A protection space is defined by the canonical root URI  the scheme     and authority components of the effective request URI       of the server being accessed  in combination with     the realm value if present   These realms allow the protected     resources on a server to be partitioned into a set of protection     spaces  each with its own authentication scheme and or authorization     database   The realm value is a string  generally assigned by the     origin server  that can have additional semantics specific to the     authentication scheme   Note that a response can have multiple     challenges with the same auth-scheme but with different realms            Note 1  The framework for HTTP authentication is currently defined by the RFC 7235  which updates the RFC 2617 and makes the RFC 2616 obsolete   Note 2  The realm parameter is no longer always required on challenges

User · Answer

From RFC 1945  HTTP 1 0  and RFC 2617  HTTP Authentication referenced by HTTP 1 1      The realm attribute  case-insensitive  is required for all   authentication schemes which issue a challenge  The realm value    case-sensitive   in combination with the canonical root URL of the   server being accessed  defines the protection space  These realms   allow the protected resources on a server to be partitioned into a set   of protection spaces  each with its own authentication scheme and or   authorization database  The realm value is a string  generally   assigned by the origin server  which may have additional semantics   specific to the authentication scheme    In short  pages in the same realm should share credentials   If your credentials work for a page with the realm  My Realm   it should be assumed that the same username and password combination should work for another page with the same realm

[http] What is the "realm" in basic authentication

Examples related to http

Examples related to basic-authentication

Examples related to digest-authentication