posted 16 years ago
Using basic (or digest) authentication, the credentials (username/password) are transmitted from the browser to the server with each HTTP request (this happens in the HTTP headers). It is thus not necessary to set cookies to identify the client.
Form authentication, on the other hand, only transmits the credentials once (when the login form is submitted). For the server to recognize the client on subsequent requests, some kind of session or cookie is necessary.