How does digest authentication prevent replay attacks?
I found many questions on Stack Overflow that mention digest authentication, but I could not find how digest authentication prevents replay attacks. I use the Fiddler tool to intercept the HTTP requests to the servers. I used the same tool to replay the requests to the server, but the server asked for authentication.
I need to understand exactly how prevention of replay attacks is achieved. How is the server able to detect any replay of HTTP requests?
Any links/resources would be appreciated.
Digest authentication prevents replay attacks by using a server-specified nonce. The server generates a random nonce when the client attempts to make an unauthenticated request, and the client has to incorporate the nonce into its response. It's up to the server to manage valid nonces, and invalidate them when they've been used, to prevent replays.
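The mechanism described in this answer, as an added example that is not part of the original question or answer: a minimal RFC 2617 digest exchange (qop=auth) in Python. The realm, user, password and URIs are constructed for the demo. The server issues a random nonce, the client folds the nonce, a nonce count (`nc`) and its own `cnonce` into the MD5 response, and the server records the highest `nc` seen per nonce, so a captured request sent again (same nonce, same `nc`) is rejected while a fresh request with an incremented `nc` on the same nonce is accepted. A stolen response also fails when the URI is changed, because the URI is part of HA2.

```python
import hashlib
import secrets

# Constructed demo credentials (not from the original post).
REALM = "example-realm"
USERS = {"alice": "s3cret"}


def _md5_hex(s: str) -> str:
    return hashlib.md5(s.encode()).hexdigest()


def digest_response(username, password, realm, method, uri, nonce, nc, cnonce, qop="auth"):
    """RFC 2617 response for qop=auth: MD5(HA1:nonce:nc:cnonce:qop:HA2)."""
    ha1 = _md5_hex(f"{username}:{realm}:{password}")
    ha2 = _md5_hex(f"{method}:{uri}")
    return _md5_hex(f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")


class DigestServer:
    """Tracks issued nonces and the highest nonce count used with each."""

    def __init__(self):
        self.issued = {}  # nonce -> highest nc accepted so far

    def challenge(self) -> str:
        # Sent in WWW-Authenticate on the 401 response.
        nonce = secrets.token_hex(16)
        self.issued[nonce] = 0
        return nonce

    def verify(self, method: str, hdr: dict):
        """Check an Authorization header (parsed into a dict). Returns (ok, reason)."""
        nonce = hdr["nonce"]
        if nonce not in self.issued:
            return False, "stale"          # never issued or already expired
        nc = int(hdr["nc"], 16)
        if nc <= self.issued[nonce]:
            return False, "replay"         # this nonce/nc pair was already used
        password = USERS.get(hdr["username"])
        if password is None:
            return False, "unknown user"
        expected = digest_response(hdr["username"], password, REALM, method,
                                   hdr["uri"], nonce, hdr["nc"], hdr["cnonce"])
        if not secrets.compare_digest(expected, hdr["response"]):
            return False, "bad credentials"
        self.issued[nonce] = nc            # advance the counter only on success
        return True, "ok"


def client_request(server_nonce: str, nc: int, method="GET", uri="/private") -> dict:
    """Build the Authorization fields a client would send for request number nc."""
    nc_hex = f"{nc:08x}"
    cnonce = secrets.token_hex(8)
    return {
        "username": "alice", "realm": REALM, "nonce": server_nonce, "uri": uri,
        "nc": nc_hex, "cnonce": cnonce, "qop": "auth",
        "response": digest_response("alice", USERS["alice"], REALM, method,
                                    uri, server_nonce, nc_hex, cnonce),
    }


def run_demo() -> list:
    """Returns the server's verdict for: fresh request, replay, next request, forged URI, unknown nonce."""
    server = DigestServer()
    nonce = server.challenge()
    first = client_request(nonce, 1)
    verdicts = [server.verify("GET", first)[1]]            # ok
    verdicts.append(server.verify("GET", first)[1])        # replay of captured request
    verdicts.append(server.verify("GET", client_request(nonce, 2))[1])  # ok, nc advanced
    forged = dict(first, uri="/admin", nc="00000003")      # reuse stolen response on another URI
    verdicts.append(server.verify("GET", forged)[1])       # bad credentials
    verdicts.append(server.verify("GET", dict(first, nonce="deadbeef"))[1])  # stale
    return verdicts


if __name__ == "__main__":
    print(run_demo())
```

A real server would also expire nonces after a short lifetime (replying with `stale=true` so the client re-authenticates on a new nonce) and keep the per-nonce counter state consistent across server instances; without that state, or if the server only checks that the nonce was ever issued, a replayed request is indistinguishable from the original.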