196090 - Basic authentication fails to use usernames and passwords entered into the URL window

Status: NEW

(Core :: Networking, defect, P3)

Description

[Jason]

User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.3b) Gecko/20030210
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.3b) Gecko/20030210

I tested this in 1.3 beta and 1.2 as well

If I login to a website using basic authentication... eg
http://username:password@www.somewebspace.net/secured/location

Then later come back and try to login again with a DIFFERENT username... eg
http://anotherperson:newpassword@www.somewebspace.net/secured/location

Then Mozilla will fail to use the new authentication information.  It will use
the original information.

I have labeled this bug a severity of "Blocker" due to the fact that I have been
ordered by the "powers that be" to not use Mozilla until this is corrected... I
hate that due to the fact that they may start forcing me to use IE (PUKE)

I searched the bug database and found a similar reference for bug #55181.  But I
don't know if this is similar enough to be a dup since it is ignoring the acutal
information that I am entering.  I included it here so that the reviewie could
easily make that decision.

Reproducible: Always

Steps to Reproduce:
See details for information on how to reproduce
Actual Results:  
I remained logged into the original user.

Expected Results:  
It should use the authentication information that I manually entered.

Comment 1

[Matthias Versen [:Matti]]

This is no blocker since it doesn't block Mozilla development

-> http (unsure if this is a dupe)

Comment 2

[Boris Zbarsky [:bzbarsky]]

*** This bug has been marked as a duplicate of 66177 ***

Comment 3

[benc]

VERIFIED, dupe

That would solve the underlying problem...

Comment 4

[benc]

There is a better dupe for this bug... I need to find it.

Comment 5

[Boris Zbarsky [:bzbarsky]]

*** Bug 219067 has been marked as a duplicate of this bug. ***

Comment 6

[Boris Zbarsky [:bzbarsky]]

*** Bug 224124 has been marked as a duplicate of this bug. ***

Comment 7

[Tom Laudeman]

I have reproduced a very similar bug, but only when authenticating against and
Apache 1.3 http server running on Mac OSX. In my case, when connecting to a web
page protected by basic htaccess authentication, if I type the password wrong, I
can't get prompted for the userid/password without exiting the browser. In other
words, failure to authenticate requires exiting the browser to get another
chance to re-authenticate. Re-authentication after a typo is >not< a problem
when authenticating against Apache on Redhat.

Reproducible: Always

Comment 8

[Fabian Guisset]

*** Bug 227967 has been marked as a duplicate of this bug. ***

Comment 9

[Darin Fisher]

-> default owner

Comment 10

[Firefox Bug Husbandry Bot]

Bulk change to priority: https://bugzilla.mozilla.org/show_bug.cgi?id=1399258

Comment 11

[Firefox Bug Husbandry Bot]

Bulk change to priority: https://bugzilla.mozilla.org/show_bug.cgi?id=1399258

Comment 12

[BugBot [:suhaib / :marco/ :calixte]]

In the process of migrating remaining bugs to the new severity system, the severity for this bug cannot be automatically determined. Please retriage this bug using the new severity system.

Comment 13

[BugBot [:suhaib / :marco/ :calixte]]

The severity field for this bug is relatively low, S4. However, the bug has 3 duplicates.
:kershaw, could you consider increasing the bug severity?

For more information, please visit auto_nag documentation.

Comment 14

[Kershaw Chang [:kershaw]]

(In reply to Release mgmt bot [:suhaib / :marco/ :calixte] from comment #13)

The severity field for this bug is relatively low, S4. However, the bug has 3 duplicates.
:kershaw, could you consider increasing the bug severity?

For more information, please visit auto_nag documentation.