From: "Rob Sanderson" <[log in to unmask]>
> > Am I correct assuming the server can also issue the token or session id
> > without the client sending authentication information if authentication
> > isn't needed?
>
> Unfortunately not.
>
> There's a restriction that servers must only send extra data fields
> (extraResponseData in this case) when they have been requested by the
> client.
But the client can override this restriction. See
http://www.loc.gov/standards/sru/accept.html
--Ray