This article summarises the bugs that plague HTTP Authentication. These have all been mentioned elsewhere in the series, but I've grouped them here by software.

I should probably mention here that none of the changes listed below require RFC changes. I'll summarise the suggested RFC changes in a separate article.

Server changes required

Apache is the only piece of server software that I have investigated. I'll leave further investigations up to others, but I assume similar changes will need to be made elsewhere.

• Support optional HTTP Authentication; see Optional HTTP Authentication [1]
• Support UTF-8 headers; see Lack of Internationalisation in HTTP Authentication [2]

Client changes required

• Implement "Log out" and "Change User" buttons, and an "Authentication Manager"; see No Logout Button for HTTP Authentication [3]
• Support UTF-8 headers; see Lack of Internationalisation in HTTP Authentication [4]
• Internet Explorer only: Fix Digest Authentication; see Single sign-on for HTTP Authentication [5]