posted 14 years ago
If you are talking about BASIC authentication, then in that case after the user authenticates himself/herself, on any subsequent request to the server, the browser sends an authentication header which contains the username and password in Base64 encoded form. The header looks like this (the long text in the end is the encoded username and password)
Authorization: Basic BJFOZGRpbjpvcGVuIHNlc2FtZQ==