When doing Results Authorization, Webinator does not validate credentials or cookies on its own. They are passed along to the content server, who decides whether the individual results are allowed or denied.
Since authentication is handled by another server, when search results are denied access, Webinator cannot know if the denial is URL-based (lack of access by the user), or login-based (mistyped/wrong password).
To differentiate the two and give users a chance to correct mistyped passwords, a Login Verification URL may be set. This should be a URL that all users have access to, but that is still protected (i.e. anonymous users are denied). It should be an actual file (not a directory), preferably small (a few KB), and permanent (not likely to move, be renamed or have perms changed).
If Login Verification URL is set, Webinator will verify a user's prompted-for login by accessing this page. Since all users have access to it, a denial is assumed to mean the login was incorrect, and the user will be re-prompted for their credentials. Without a Login Verification URL set, a mistyped password will result in no search results, but the user will not know if they do not have access to the results, or they merely mistyped their password.
Login Verification URL can also be useful with the Forward Login Cookies Results Authorization method, when used in conjunction with an Authorization Target of Login Verification URL Only, as described below.