Closed Bug 140645 Opened 22 years ago Closed 21 years ago

Auth: HTTP uses first username password after you enter a second set

Categories

(Core :: Networking: HTTP, defect, P3)

Product:
Core
Component:
Networking: HTTP
Platform:
x86
Linux
Type:
defect

Tracking

()

Status:
VERIFIED WORKSFORME
Milestone:
mozilla1.4final

People

(Reporter: dodtim, Assigned: darin.moz)

References

Details

(Keywords: topembed+, Whiteboard: [adt2][ETA: June 12, 2003]) 

From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.9) Gecko/00200203
BuildID:    Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.9) Gecko/00200203

When I use HTTP Authentication and then I "log out" i.e. next time I load the
page browser receives 401 and if I type another username it is still using the
old one and the old password to authenticate. The only way to log in using
different username is to restart the browser

Reproducible: Always
Steps to Reproduce:
1.Login using HTTP Authentication.
2. Logout, so the next time browser receives 401.
3. Login using different uname/passwd pair.

Actual Results:  I logged on as a previous user not the one I wanted to.

Expected Results:  Log me in as the user I've specified.
So... we _do_ put up a dialog, but then do _not_ send the data you entered in
that dialog?
Yes it does show a popup but uses the previous values i.e. I type user/password
the first time then I "log out" and next time browser gets 401 then I type
username2/password2 and when I am logged in I realise that I am logged as
user/password. i.e. the previous one not the new username2/password2 I've typed in.
To HTTP networking.
Assignee: mstoltz → darin
Status: UNCONFIRMED → NEW
Component: Security: General → Networking: HTTP
Ever confirmed: true
QA Contact: bsharma → tever
mass futuring of untargeted bugs
Target Milestone: --- → Future
Target Milestone: Future → mozilla1.0
resetting target milestone; that should be set by the developer.  Nominating,
however.  This bug makes it possible to log in with a certain set of credentials
while thinking that you are logged in with a different set...
Keywords: nsbeta1
Target Milestone: mozilla1.0 → ---
This looks like a dup of bug 137852 ... agreed?
Depends on: 137852
Depends on: 189170
http://www.viewline.net/ 
Mozilla doesn't acknowledge login information request by the ASP and this
generate a 401.2 error instead of 401.1
-> i submit a new bug. mark it as DUPEME. mark it as blocking bug 12578 and bug
57529 Bug 134103 and this sorry for the spam
Blocks: 61681
No longer depends on: 189170
QA Contact: tever → httpqa
adt: nsbeta1+/adt2
Keywords: nsbeta1nsbeta1+
Whiteboard: [adt2]
(I thought we dould have lots of dupes of this... time to go looking...)
Summary: Not changing the username when authenticating. → Auth: HTTP uses first username password after you enter a second set
bz & darin: this bug is plussed, and depends on an un-plussed bug.

What do you want to do here? There are a lot of different descriptions of what
sounds like the same prolem, which is really "HTTP's cached auth takes
precedence over everything".

If we are going to muck with this, it sounds like we'd want to solve all the
problems at once...
ADT: Nominating topembed
Keywords: topembed
Keywords: topembedtopembed+
Darin, Can you take a look at this and are the blocking and depends on comments
acurate?
QA Contact: httpqa → benc
ok, this bug is very old.  what we need is for someone to confirm this bug
against mozilla 1.4 beta.  if the bug can be confirmed then we'll need to
proceed from there using mozilla 1.4 beta to test against.

Timofej: can you please give mozilla 1.4 beta a try and get back to us?  thanks!
Status: NEW → ASSIGNED
Priority: -- → P3
Target Milestone: --- → mozilla1.4final
I'll try to dig up a system when I can change the passwords on the fly.

The problem of trying to change the user:pass info in cache via an HTTP URL is
still happening, but that might be a higher level problem.
QA Contact: benc → httpqa
UPDATE:
WFM, Mozilla 1.4b, Mach-O, Linux.

STEPS:
Connect to admin server, which requires basic auth.
Auth successfully.
Change admin password. (this invalidates currently cached auth).
On next page request, auth is requested again.
Enter new password.

EXPECTED/OCCURRING behavior: loging successful.

I've sniffed the session to see that the admin server sends a new 401 after the
password change, so this looks like it is working.

I did find problems when playing w/ URL embeded passswords, so I think the other
problems (like composer related problems) will need further analysis.
Whiteboard: [adt2] → [adt2][ETA: June 12, 2003]
ben said wfm.  please reopen if someone continues to see this problem with
1.4rc1 or later.
Status: ASSIGNED → RESOLVED
Closed: 21 years ago
Resolution: --- → WORKSFORME
VERFIED/WFM.
Status: RESOLVED → VERIFIED
You need to log in before you can comment on or make changes to this bug.