215293 - 401 causes mozilla to clear authentication dialog even though password manager should rememer it.

Status: RESOLVED DUPLICATE of bug 379997

(SeaMonkey :: Passwords & Permissions, defect)

Description

[Brian Ziman]

User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.4) Gecko/20030624
Build Identifier: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.5b) Gecko/20030806

The server uses HTTP authentication and cookies for session management.  When a
user goes to the site for the first time, the server will respond with a 401 and
a cookie, which causes the browser to prompt for authentication.  The user types
in his (correct) authentication, and selects "Remember password".  Subsequently,
his session with the server expires, and the server returns another 401, along
with a new cookie.  Once again, Mozilla brings up the authentication dialog, but
does not fill in the saved username and password.  If you close out the browser,
and bring it back up, and then go to the site, once again the the authentication
dialog will come up and the username as password will be present.  Once the
session expires, however, the dialog will be empty, pending browser restart.

This behaviour was introduced sometime after the release of Mozilla 1.3, in
which the browser would automagically send back the original user/pass.  I
understand that the automagic behaviour is wrong -- we should definitely see a
dialog, but it should be populated with the saved user and password, if you've
opted to save the user and password.

Reproducible: Always

Steps to Reproduce:
1. Find a server that uses HTTP auth and allows sessions to expire. (I've got a
simple test case written in java that I will attach to the bug entry if I can).
2. Connect to the user, see the dialog, type in your auth, and tell it to
Remember  the password.
3. Let the session expire.
4. Reconnect, and note that the dialog does not have the user and password
filled in.

Actual Results:  
The user/password dialog is empty.

Expected Results:  
The user/password dialog should contain the user/password info that you asked it
to remember.

Comment 1

[Brian Ziman]

Attachment: Test server that will demonstrate issue.

AuthTest.java is a simple four step java HTTP server that simulates the use
case described in the bug report.  Simply compile and run the program
(optionally specifying the port), and point your browser at it.  There will be
four transactions:
1. User Requests Page / Server responds 401
2. Browser Prompts user for Auth and Requests page again with Auth / Server
reponds 200
3. User Requests Page again / Server responds 401
4. Browser prompts user for auth again without remembering user/pass. / Server
reponds 200

Comment 2

[Gervase Markham [:gerv]]

This is an automated message, with ID "auto-resolve01".

This bug has had no comments for a long time. Statistically, we have found that
bug reports that have not been confirmed by a second user after three months are
highly unlikely to be the source of a fix to the code.

While your input is very important to us, our resources are limited and so we
are asking for your help in focussing our efforts. If you can still reproduce
this problem in the latest version of the product (see below for how to obtain a
copy) or, for feature requests, if it's not present in the latest version and
you still believe we should implement it, please visit the URL of this bug
(given at the top of this mail) and add a comment to that effect, giving more
reproduction information if you have it.

If it is not a problem any longer, you need take no action. If this bug is not
changed in any way in the next two weeks, it will be automatically resolved.
Thank you for your help in this matter.

The latest beta releases can be obtained from:
Firefox:     http://www.mozilla.org/projects/firefox/
Thunderbird: http://www.mozilla.org/products/thunderbird/releases/1.5beta1.html
Seamonkey:   http://www.mozilla.org/projects/seamonkey/

Comment 3

[Gervase Markham [:gerv]]

This bug has been automatically resolved after a period of inactivity (see above
comment). If anyone thinks this is incorrect, they should feel free to reopen it.

Comment 4

[Brian Ziman]

Just because nobody bothers to look at this doesn't mean its resolved.  Still a
problem in Firefox 1.0.7.

Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.12) Gecko/20050922 Firefox/1.0.4
(Ubuntu package 1.0.7)

Comment 5

[Brian Ziman]

The problem that never goes away... now repro'd in 1.5.0.1:

Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.1) Gecko/20060124 Firefox/1.5.0.1 - Build ID: 2006012415

It'd be nice if Firefox stopped adding new features I don't need and instead made the basic stuff work right.

Comment 6

[u279076]

I tested this on Firefox 2.0.0.4 using my school's linux server cluster as the test case.  HTTP authentication worked fine, allowed me to save my password, and the dialog continually fills in my username and password.

I suggest that if you update to 2.0.0.4 that you will find your problem is fixed.

Since this bug has not been updated in over a year, it is being closed-WFM.  Please reopen it if you still have this issue so that we can revisit it.

Comment 7

[u279076]

Correction:

I tested this on 3.0 not 2.0.

3.0 works fine, 2.0.0.4 still has the problem.

Comment 8

[Justin Dolske [:Dolske]]

This is a duplicate...

The problem is that the code was assuming that if the login failed (which it seems to be doing in the description, when the server decides to time-out the session) that the login was bogus and conviently deletes it for the user. This is wrong for a number of reasons, although I hadn't thought of this particular case. :)