User-Agent: Mozilla/5.0 (X11; U; Linux i686; rv:1.7.3) Gecko/20040914 Firefox/0.10 Build Identifier: Mozilla/5.0 (X11; U; Linux i686; rv:1.7.3) Gecko/20040914 Firefox/0.10 If you have basic http auth set on the document root of an Apache webserver and under it you selectively allow access on other directories (like userdir for instance, http://website.tld/~user/), Firefox repeately asks for a password regardless if the opened directory is not protected. - 0.9.3 only asks once and doesn't popup the password dialog anymore if you choose cancel - 1.0PR repeatedly asks for a password with every move made (opening a file or directory on the webserver). - Mozilla 1.7.2 and 1.7.3 works fine, it doesn't even ask for a password Reproducible: Always Steps to Reproduce: 1. set up apache so the document root is password protected 2. set up apache with userdir enabled, allow access on userdirs and other directories created under the document root 3. try to open these directories with files in in, or the files therein with firefox Actual Results: Firefox 0.9.3 popped a password dialog once Firefox 1.0PR popped a password dialog every time I tried to open a new file/directory Expected Results: Not even ask for a password (like mozilla 1.7.3 does) and just open the files/directories without popping te password dialog
Confirmed on 1.0, too. Please bump severity to "Major".
Whatever is causing this problem may be the same thing that is causing another problem that I am seeing. If you have two different directories on the same apache host each using basic http auth with a different username and password, then open two firefox browser sessions, one for each and log on to each, every time you switch between the two windows, it prompts you for the same username & password again. It's as though the auth is being stored in some shared memory or something and the auth being valid for one window, but not the other causes it to prompt for it again. Or something like that. I'm using FF1.0 on XP connecting to apache 2.x HTTP servers using HTTP auth and can easily reproduce the results with the following model: www.domain.com/dir1 www.domain.com/dir2 in dir1 is a .htaccess which points to user1/passwd1 stored in .htpasswd1; in dir2 is another .htaccess which points to user2/passwd2 in .htpasswd2. Point one browser to one location and another to the other, log in on both, then bounce between the two windows hitting CTRL-R to refresh the page - they forget their auth settings by switching between them. This may be limited to same-domain authentication, I haven't verified that.
I am having a similar problem. I have an apache web server with httpd.conf password protected files. When I visit hte site, I am correctly prompted for username/password. However, FireFox re-prompts me for each subfolder/file I want to open. IE6 automatically resubmits the same credentials within AuthName, which I believe is the desired behavior.
This is an automated message, with ID "auto-resolve01". This bug has had no comments for a long time. Statistically, we have found that bug reports that have not been confirmed by a second user after three months are highly unlikely to be the source of a fix to the code. While your input is very important to us, our resources are limited and so we are asking for your help in focussing our efforts. If you can still reproduce this problem in the latest version of the product (see below for how to obtain a copy) or, for feature requests, if it's not present in the latest version and you still believe we should implement it, please visit the URL of this bug (given at the top of this mail) and add a comment to that effect, giving more reproduction information if you have it. If it is not a problem any longer, you need take no action. If this bug is not changed in any way in the next two weeks, it will be automatically resolved. Thank you for your help in this matter. The latest beta releases can be obtained from: Firefox: http://www.mozilla.org/projects/firefox/ Thunderbird: http://www.mozilla.org/products/thunderbird/releases/1.5beta1.html Seamonkey: http://www.mozilla.org/projects/seamonkey/
My web server setup has changed since I last posted, but currently I am no longer experiencing the issue. This may be because the issue was fixed in FF, or because my architecture no longer creates it. In either event, I'm not complianing.
If I put the auth directives in a <location> section in apache conf, firefox prompts for http basic auth on every single request. If i implement the same authentication layout via the <directory> sections, firefox behaves correctly.
Re comment #6: It is not always possible to use Directory in place of Location - e.g. the case where the Location is mapped to a webapp via JK.
I can't reproduce this using Firefox 220.127.116.11. I'm going to close this bug as WORKSFORME. It looks like it's only reproducible when using a specific server configuration. If you're able to reproduce, please open a new bug detailing full steps and required server configuration.
Status: UNCONFIRMED → RESOLVED
Last Resolved: 12 years ago
Resolution: --- → WORKSFORME
You need to log in before you can comment on or make changes to this bug.