Closed Bug 73496 Opened 23 years ago Closed 23 years ago

Browser shows cached copy of password-protected document without entering password

Categories

(Core :: Networking: HTTP, defect)

Product:
Core
Component:
Networking: HTTP
Platform:
x86
Linux
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
VERIFIED DUPLICATE of bug 74075

People

(Reporter: bugzilla-f, Assigned: darin.moz)

Details

Attachments

(1 file)

screenshot of browser window displaying cached copy of password-protected document before asking for password (I just hit 'reload' to get the password dialog)
30.36 KB, image/png
Details 
When I just tried to open a password-protected document with mozilla, I was
surprised to see a cached copy of the document appear in the browser window
WITHOUT being asked for a password. Only after hitting reload was I presented
with a password dialog. When I subsequently canceled the password request, I got
the usual 'authentication required' screen.

reproduce: this was the first time I saw Mozilla do this. I got the effect after
restarting Mozilla and requesting a cached, but password-protected document.

expected behaviour: Mozilla should first check whether the document being loaded
is access-restricted BEFORE displaying a cached copy.
Sounds like a new cache problem.... can you see the problem if the cache
preference for checking is set to "every time" instead of "once per session"?
Assignee: asa → neeti
Component: Browser-General → Networking: Cache
QA Contact: doronr → gordon
Whiteboard: DUPEME
This is difficult to find out, since the effect/bug only sporadically appears. I
just tested about 30 times, both with cache set to 'every time' and 'once per
session'. I never got the effect when cache was set to 'every time', while it
appeared twice with cache set to 'once per session'. Is this definite proof? No.
Assignee: neeti → gordon
-->gordon
-> this looks like an HTTP problem to me
Assignee: gordon → darin
Component: Networking: Cache → Networking: HTTP
password protected documents can be cached, but only for the lifetime of the
session, and they must not be cached on disk... unless the username and password
are encoded in the URL.  <-- this is the convention of mozilla (I think).

So, if you were able to restart the browser and pull up a cached password
protected document, then this is definitely a bug b/c it means that the 
document is being written out to disk.

Reporter: the URL does not contain your username and password, right?
No, the URL I use to get at the document is simply:

http://unternet.org/nids/acid/

This redirects to:

http://unternet.org/nids/acid/acid_main.php

through this line:

<META HTTP-EQUIV = "REFRESH" CONTENT="0; URL=acid_main.php">

Weird, my disk cache is set to 0 KBytes so it should not even use it. The
document is not proxied (I'm using a chained Junkbuster/Squid proxy, but the
unternet.org domain is in the No Proxy For list).

*** This bug has been marked as a duplicate of 74075 ***
Status: UNCONFIRMED → RESOLVED
Closed: 23 years ago
Resolution: --- → DUPLICATE
verified.
Status: RESOLVED → VERIFIED
Whiteboard: DUPEME
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: