Closed
Bug 73496
Opened 23 years ago
Closed 23 years ago
Browser shows cached copy of password-protected document without entering password
Categories
(Core :: Networking: HTTP, defect)
Tracking
()
People
(Reporter: bugzilla-f, Assigned: darin.moz)
Details
Attachments
(1 file)
When I just tried to open a password-protected document with mozilla, I was surprised to see a cached copy of the document appear in the browser window WITHOUT being asked for a password. Only after hitting reload was I presented with a password dialog. When I subsequently canceled the password request, I got the usual 'authentication required' screen. reproduce: this was the first time I saw Mozilla do this. I got the effect after restarting Mozilla and requesting a cached, but password-protected document. expected behaviour: Mozilla should first check whether the document being loaded is access-restricted BEFORE displaying a cached copy.
Reporter | ||
Comment 1•23 years ago
|
||
Comment 2•23 years ago
|
||
Sounds like a new cache problem.... can you see the problem if the cache preference for checking is set to "every time" instead of "once per session"?
Assignee: asa → neeti
Component: Browser-General → Networking: Cache
QA Contact: doronr → gordon
Whiteboard: DUPEME
Reporter | ||
Comment 3•23 years ago
|
||
This is difficult to find out, since the effect/bug only sporadically appears. I just tested about 30 times, both with cache set to 'every time' and 'once per session'. I never got the effect when cache was set to 'every time', while it appeared twice with cache set to 'once per session'. Is this definite proof? No.
Assignee | ||
Comment 5•23 years ago
|
||
-> this looks like an HTTP problem to me
Assignee: gordon → darin
Component: Networking: Cache → Networking: HTTP
Assignee | ||
Comment 6•23 years ago
|
||
password protected documents can be cached, but only for the lifetime of the session, and they must not be cached on disk... unless the username and password are encoded in the URL. <-- this is the convention of mozilla (I think). So, if you were able to restart the browser and pull up a cached password protected document, then this is definitely a bug b/c it means that the document is being written out to disk. Reporter: the URL does not contain your username and password, right?
Reporter | ||
Comment 7•23 years ago
|
||
No, the URL I use to get at the document is simply: http://unternet.org/nids/acid/ This redirects to: http://unternet.org/nids/acid/acid_main.php through this line: <META HTTP-EQUIV = "REFRESH" CONTENT="0; URL=acid_main.php"> Weird, my disk cache is set to 0 KBytes so it should not even use it. The document is not proxied (I'm using a chained Junkbuster/Squid proxy, but the unternet.org domain is in the No Proxy For list).
Comment 8•23 years ago
|
||
*** This bug has been marked as a duplicate of 74075 ***
Status: UNCONFIRMED → RESOLVED
Closed: 23 years ago
Resolution: --- → DUPLICATE
You need to log in
before you can comment on or make changes to this bug.
Description
•