Closed
Bug 49168
Opened 24 years ago
Closed 24 years ago
Log-in failure
Categories
(Core :: Networking, defect, P3)
Tracking
()
VERIFIED
FIXED
Future
People
(Reporter: Matti, Assigned: darin.moz)
References
()
Details
(Whiteboard: [rtm++])
Attachments
(2 files)
2.39 KB,
text/plain
|
Details | |
1.63 KB,
patch
|
Details | Diff | Splinter Review |
Using : Mozilla 2000081008 When i try to enter these german Broker Page, I must enter a username and a password. If I do this, the password window appears a second time. If I enter the name and password again, something happend but the page will not load. Works in : NS4.73, IE4 Expected result : The page will load and the password window appears only 1 time. I have opend an account for testing. Username : Mozilla Password : Mozilla
Comment 1•24 years ago
|
||
asas, can you reproduce this? I am having problems with it.
Comment 2•24 years ago
|
||
I've seen this at a couple of other sites. will try to find the original report. this is likely a duplicate
Reporter | ||
Comment 3•24 years ago
|
||
I don't know, if this bug is a dupe but I can reproduce it everytime since M16 (or before it). [The Username/password are case sensitive, if you enter a wrong password you most close Mozilla before you can try it again] Mozilla try to load the page and you can see at the "status border" : "Sending request to informer2.comdirekt.de" and after 1 second "Connecting to imformer2.comdirekt.de" and Mozilla make a loop with this 2 "status messages" I can see network traffic but Mozilla never loads the page.
Comment 4•24 years ago
|
||
updating component and seting default owner. Confirmed with 082208 mozilla build on NT
Assignee: asa → gagan
Status: UNCONFIRMED → NEW
Component: Browser-General → Networking
Ever confirmed: true
QA Contact: doronr → tever
known dup. *** This bug has been marked as a duplicate of 32335 ***
Status: NEW → RESOLVED
Closed: 24 years ago
Resolution: --- → DUPLICATE
Assignee | ||
Comment 7•24 years ago
|
||
This bug is actually a different problem. The fix to bug 32335 eliminates the second dialog box, but it does nothing to fix the latter symptom. The page not reloading is a separate issue. In this case, the initial page request returns a 401 response, indicating that the request requires authentication. We then prompt the user for authentication (or if this page has been authenticated previously) we automatically reply with the necessary authentication. The result is a 301 redirection to /de/my/homepage/main.html. We then request that page; however, for that page the server responds with a 301 back to the original page. The result is that mozilla bounces between the two pages and never stops. 4.x does not have this problem because it promotes the authentiation header to the new request (in response to the first 301). This seems like a potential security hole, but basic auth is plain text anyways, so maybe we should follow 4.x in this? I'll have to take a close look at the spec to see what it says about this case. I'm also attaching a sample 4.x HTTP transaction for this site. Notice that that the authentication header is re-used.
Status: VERIFIED → REOPENED
Resolution: DUPLICATE → ---
Assignee | ||
Comment 8•24 years ago
|
||
Assignee | ||
Comment 9•24 years ago
|
||
Just one more point. My understanding of the HTTP standard is that if authentication is _ever_ required, then the server should respond with a 401 "authentication required" error. The fact that the server responds with 301 violates this assumption. If this assumption is true, then one thing we could do is place a limit on the number of redirects and abort if the limit is ever exceeded.
Comment 10•24 years ago
|
||
Hmmm... after looking at the logs me and darin agreed that this was a problem with the way nsAuth compared the directories. In this case the last slash in the path clearly is not the dir to compare. The correct fix for this is to cast the nsIURI to an nsIURL in nsAuthEngine.cpp and get the directory part thru the nsIURL interface. I have explained this fix to darin and am assigning this to him, but I doubt this will make it for 6.0.
Assignee: gagan → darin
Status: REOPENED → NEW
Target Milestone: --- → Future
Assignee | ||
Comment 11•24 years ago
|
||
Assignee | ||
Updated•24 years ago
|
Status: NEW → ASSIGNED
Comment 13•24 years ago
|
||
sr=mscott
Assignee | ||
Comment 15•24 years ago
|
||
I landed this fix on the trunk, and the tinderbox didn't complain. Now, I'm waiting for my branch build to finish, and then I'll land it there as well.
Assignee | ||
Comment 16•24 years ago
|
||
Ok, this fix is now on the branch as well.
Comment 17•24 years ago
|
||
So can this be marked fixed...?
Assignee | ||
Comment 18•24 years ago
|
||
Yes!
Status: ASSIGNED → RESOLVED
Closed: 24 years ago → 24 years ago
Resolution: --- → FIXED
Comment 20•24 years ago
|
||
verified on trunk builds.. Oct. 24 RH7 Linux Oct. 24 Winnt Oct. 23 Mac OS9 Marking bug verified and removing vtrunk keyword
Status: RESOLVED → VERIFIED
Keywords: vtrunk
You need to log in
before you can comment on or make changes to this bug.
Description
•