Closed Bug 261667 Opened 20 years ago Closed 17 years ago

firefox repeatedly asking for username/password for unprotected directories on web server

Categories

(Firefox :: General, defect)

Product:
Firefox
Component:
General
Platform:
x86
Linux
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED WORKSFORME

People

(Reporter: oohp, Unassigned)

Details

User-Agent:       Mozilla/5.0 (X11; U; Linux i686; rv:1.7.3) Gecko/20040914 Firefox/0.10
Build Identifier: Mozilla/5.0 (X11; U; Linux i686; rv:1.7.3) Gecko/20040914 Firefox/0.10

If you have basic http auth set on the document root of an Apache webserver
and under it you selectively allow access on other directories (like userdir
for instance, http://website.tld/~user/), Firefox repeately asks for a password
regardless if the opened directory is not protected.

- 0.9.3 only asks once and doesn't popup the password dialog anymore if you
choose cancel

- 1.0PR repeatedly asks for a password with every move made (opening a file or
directory on the webserver).

- Mozilla 1.7.2 and 1.7.3 works fine, it doesn't even ask for a password

Reproducible: Always
Steps to Reproduce:
1. set up apache so the document root is password protected
2. set up apache with userdir enabled, allow access on userdirs and other
directories created under the document root
3. try to open these directories with files in in, or the files therein with firefox

Actual Results:  
Firefox 0.9.3 popped a password dialog once
Firefox 1.0PR popped a password dialog every time I tried to open a new
file/directory

Expected Results:  
Not even ask for a password (like mozilla 1.7.3 does) and just open the
files/directories without popping te password dialog
Confirmed on 1.0, too.

Please bump severity to "Major".
Whatever is causing this problem may be the same thing that is causing another
problem that I am seeing. If you have two different directories on the same
apache host each using basic http auth with a different username and password,
then open two firefox browser sessions, one for each and log on to each, every
time you switch between the two windows, it prompts you for the same username &
password again. It's as though the auth is being stored in some shared memory or
something and the auth being valid for one window, but not the other causes it
to prompt for it again. Or something like that. I'm using FF1.0 on XP connecting
to apache 2.x HTTP servers using HTTP auth and can easily reproduce the results
with the following model:

www.domain.com/dir1
www.domain.com/dir2

in dir1 is a .htaccess which points to user1/passwd1 stored in .htpasswd1; in
dir2 is another .htaccess which points to user2/passwd2 in .htpasswd2. Point one
browser to one location and another to the other, log in on both, then bounce
between the two windows hitting CTRL-R to refresh the page - they forget their
auth settings by switching between them. This may be limited to same-domain
authentication, I haven't verified that.
I am having a similar problem.  I have an apache web server with httpd.conf
password protected files.  When I visit hte site, I am correctly prompted for
username/password.  However, FireFox re-prompts me for each subfolder/file I
want to open.  IE6 automatically resubmits the same credentials within AuthName,
which I believe is the desired behavior.
This is an automated message, with ID "auto-resolve01".

This bug has had no comments for a long time. Statistically, we have found that
bug reports that have not been confirmed by a second user after three months are
highly unlikely to be the source of a fix to the code.

While your input is very important to us, our resources are limited and so we
are asking for your help in focussing our efforts. If you can still reproduce
this problem in the latest version of the product (see below for how to obtain a
copy) or, for feature requests, if it's not present in the latest version and
you still believe we should implement it, please visit the URL of this bug
(given at the top of this mail) and add a comment to that effect, giving more
reproduction information if you have it.

If it is not a problem any longer, you need take no action. If this bug is not
changed in any way in the next two weeks, it will be automatically resolved.
Thank you for your help in this matter.

The latest beta releases can be obtained from:
Firefox:     http://www.mozilla.org/projects/firefox/
Thunderbird: http://www.mozilla.org/products/thunderbird/releases/1.5beta1.html
Seamonkey:   http://www.mozilla.org/projects/seamonkey/

My web server setup has changed since I last posted, but currently I am no
longer experiencing the issue.  This may be because the issue was fixed in FF,
or because my architecture no longer creates it.  In either event, I'm not
complianing.
If I put the auth directives in a <location> section in apache conf, firefox 
prompts for http basic auth on every single request.  If i implement the same 
authentication layout via the <directory> sections, firefox behaves correctly.
Re comment #6:  It is not always possible to use Directory in place of Location
- e.g. the case where the Location is mapped to a webapp via JK.
Assignee: bross2 → nobody
I can't reproduce this using Firefox 2.0.0.3. I'm going to close this bug as WORKSFORME. It looks like it's only reproducible when using a specific server configuration. If you're able to reproduce, please open a new bug detailing full steps and required server configuration.
Status: UNCONFIRMED → RESOLVED
Closed: 17 years ago
Resolution: --- → WORKSFORME
You need to log in before you can comment on or make changes to this bug.