3.3.5 Message Processing Events and Sequencing Rules
The WWW-Authenticate header is only sent from the server. For more information, see [RFC2616] sections 14.47.
Upon successful completion of authentication, the server SHOULD emit a Persistent-Auth header in the response. When the server is configured for connection-based authentication and the current connection is authenticated, then persistent-auth-token SHOULD be set to "true"; otherwise it SHOULD be set to "false".
All other messages are handled by the server as specified in [RFC2616].