Access to the 'secure1' page should only be allowed once you have input the password 'password1'.

First check that you cannot access the secure1 page, then check that an invalid password fails. Then try 'password1' - and you should be taken directly to secure1. This should set a session cookie into your browser.

Then test that you can subsequently go to the secure1 page without the password, until your browser is closed, and the cookie is lost, or until you have used the logout function in secure1.

Similarly, access to the 'secure2' page should only be allowed once you have input the password 'password2' below.

However in this case, rather than a session cookie, a cookie with a one minute expiry time is used instead, so even if the browser is shut down, and re-started, access will still be available to a logged on user if no more than one minute has elapsed.

This test uses basic http authentication and if you are not logged in, will open a username/password dialog. This will give access to the secure3 page once you have input any username longer than three characters, and the password of 'password3'.

Please note: this test should work with the Python built-in web server, but may not work with some http servers which may not allow authentication headers through.