Server issues 401 without WWW-Authenticate header [was: Can't login after first attempt fails]

RESOLVED WORKSFORME

Status

Tech Evangelism Graveyard
English US
P2
major
RESOLVED WORKSFORME
16 years ago
3 years ago

People

(Reporter: Jeff D. Hanson, Assigned: Doron Rosenberg (IBM))

Tracking

Details

(URL)

(Reporter)

Description

16 years ago
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (Windows; U; Win98; en-US; rv:1.0rc3) Gecko/20020523
BuildID:    2002052306

YALB (Yet Another Login Bug) - probably just another manifestation of some of
the other login bugs.  I can't tell so here is my report.  When a bad
username/password is entered for the Job Seeker or Employer logins, you get an
"Authorization Required" error every time the login link is clicked.  This also
occurs with IE6.  Only NC 4.79 allows multiple attempts.  All instances of
Mozilla (or IE6) must be closed before link works again.  Shift-Reload doesn't
fix it either.  With IE6, the fault can be bypassed by specifing the login
within the URL:

http://<LOGIN NAME>:<PASSWORD>@www.ajb.dni.us/employer/reg/welcome/?

This does not work with Mozilla 1 RC3 however.


Reproducible: Always
Steps to Reproduce:
1.  Go to http://www.ajb.dni.us/
2.  Click on Job Seeker or Employer Login - login box is displayed.
3.  Enter an invaid or blank login name and password.
4.  Result should be "Authorization Required" error message.
5.  Go back to the main page.
6.  Click one of the login links again.


Actual Results:  No login box.  Instead:

Authorization Required
This server could not verify that you are authorized to access the document
requested. Either you supplied the wrong credentials (e.g., bad password), or
your browser doesn't understand how to supply the credentials required.

Expected Results:  Login box redisplayed for login re-attempt.

Sun JRE 1.4

This bug is making it difficult for me to escape the hell hole I'm currently
trapped in and to find a sucker to take my place.

Comment 1

16 years ago
Verified behavior in build 2002071608 PC/Win98, so marking as new.  But I'm not
sure that this behavior isn't what's supposed to be happening in these HTTP
authentication cases.  (Note the third comment in bug 117507.)

Keyworded 4xp since NN 4.79 indeed allows for retrying without shutting down
browser first.
Assignee: sgehani → darin
Status: UNCONFIRMED → NEW
Component: XP Apps → Networking: HTTP
Ever confirmed: true
Keywords: 4xp
QA Contact: paw → tever

Comment 2

16 years ago
this is pretty major...
Status: NEW → ASSIGNED
Priority: -- → P2
Target Milestone: --- → mozilla1.1beta

Comment 3

16 years ago
Just discovered bug 55181 today.  This bug may actually be a dup of that one.

Comment 4

16 years ago
here's the server's response to the user clicking on the Login button and
pressing OK without entering any username or password when prompted.

  HTTP/1.1 401 Authorization Required
  Date: Wed, 24 Jul 2002 18:43:38 GMT
  Server: Apache/1.3.6 (Unix)
  Content-Type: text/html
  Via: (HTTP/1.1 204.168.91.211:3200), (HTTP/1.1 216.34.90.246:3200)
  Etag: "S-7cb7-cca85bd3-3d3ef559-676809c7"
  Transfer-Encoding: chunked
  Connection: Keep-Alive

notice that the server fails to provide a WWW-Authenticate header/challenge. 
without a challenge, there is nothing the browser can do but display the 401
error page that accompanies the message.  server error for sure.

-> TE
Assignee: darin → doron
Status: ASSIGNED → NEW
Component: Networking: HTTP → US General
Product: Browser → Tech Evangelism
QA Contact: tever → zach
Summary: Can't login after first attempt fails → Server issues 401 without WWW-Authenticate header [was: Can't login after first attempt fails]
Target Milestone: mozilla1.1beta → ---
Version: other → unspecified
(Reporter)

Comment 5

16 years ago
If it is indeed a server error, what is the official solution?  Is there someone
with Mozilla that will contact the webmaster or should I do it?

Comment 6

16 years ago
In cases like this, it's generally up to you to do something about it if you
want it done at all.

However, I've found that many webmasters of big sites aren't very helpful in
cases like this. =( A lot of times, webmaster@domain.com even bounces. *sigh*

Comment 7

16 years ago
This site has redesigned and now if you enter invalid/bad name/pw information,
the error page always includes a login box to try again, so it is impossible to
get into the situation where you can't get passed an "authorization required" error.

Resolving WFM based on that.
Status: NEW → RESOLVED
Last Resolved: 16 years ago
Resolution: --- → WORKSFORME
Product: Tech Evangelism → Tech Evangelism Graveyard
You need to log in before you can comment on or make changes to this bug.