Yes, exactly. Most browser cache the login information and send the appropriate Authorization header on each request.

BTW, IIRC Mozilla Firefox will display a messagebox "Do you really want to login using the following user/pass-combination" if redirected to http://user:pass@.../.