Absolutely nothing in the spec states usually, and infrequently you can't utilize a 401 in that problem because returning a 401 is barely lawful when you include things like a WWW-Authenticate header. Nearly anything which can be simply guessed isn't Safe and sound as being a password. We have talked http://pigpgs.com