If you think a bug might affect users in the 57 release, please set the correct tracking and status flags for Release Management.

Browser shows cached copy of password-protected document without entering password

VERIFIED DUPLICATE of bug 74075

Status

()

Core
Networking: HTTP
VERIFIED DUPLICATE of bug 74075
17 years ago
17 years ago

People

(Reporter: Frank de Lange, Assigned: Darin Fisher)

Tracking

Trunk
x86
Linux
Points:
---

Firefox Tracking Flags

(Not tracked)

Details

Attachments

(1 attachment)

(Reporter)

Description

17 years ago
When I just tried to open a password-protected document with mozilla, I was
surprised to see a cached copy of the document appear in the browser window
WITHOUT being asked for a password. Only after hitting reload was I presented
with a password dialog. When I subsequently canceled the password request, I got
the usual 'authentication required' screen.

reproduce: this was the first time I saw Mozilla do this. I got the effect after
restarting Mozilla and requesting a cached, but password-protected document.

expected behaviour: Mozilla should first check whether the document being loaded
is access-restricted BEFORE displaying a cached copy.
(Reporter)

Comment 1

17 years ago
Created attachment 28843 [details]
screenshot of browser window displaying cached copy of password-protected document before asking for password (I just hit 'reload' to get the password dialog)
Sounds like a new cache problem.... can you see the problem if the cache
preference for checking is set to "every time" instead of "once per session"?
Assignee: asa → neeti
Component: Browser-General → Networking: Cache
QA Contact: doronr → gordon
Whiteboard: DUPEME
(Reporter)

Comment 3

17 years ago
This is difficult to find out, since the effect/bug only sporadically appears. I
just tested about 30 times, both with cache set to 'every time' and 'once per
session'. I never got the effect when cache was set to 'every time', while it
appeared twice with cache set to 'once per session'. Is this definite proof? No.

Updated

17 years ago
Assignee: neeti → gordon

Comment 4

17 years ago
-->gordon
(Assignee)

Comment 5

17 years ago
-> this looks like an HTTP problem to me
Assignee: gordon → darin
Component: Networking: Cache → Networking: HTTP
(Assignee)

Comment 6

17 years ago
password protected documents can be cached, but only for the lifetime of the
session, and they must not be cached on disk... unless the username and password
are encoded in the URL.  <-- this is the convention of mozilla (I think).

So, if you were able to restart the browser and pull up a cached password
protected document, then this is definitely a bug b/c it means that the 
document is being written out to disk.

Reporter: the URL does not contain your username and password, right?
(Reporter)

Comment 7

17 years ago
No, the URL I use to get at the document is simply:

http://unternet.org/nids/acid/

This redirects to:

http://unternet.org/nids/acid/acid_main.php

through this line:

<META HTTP-EQUIV = "REFRESH" CONTENT="0; URL=acid_main.php">

Weird, my disk cache is set to 0 KBytes so it should not even use it. The
document is not proxied (I'm using a chained Junkbuster/Squid proxy, but the
unternet.org domain is in the No Proxy For list).

Comment 8

17 years ago

*** This bug has been marked as a duplicate of 74075 ***
Status: UNCONFIRMED → RESOLVED
Last Resolved: 17 years ago
Resolution: --- → DUPLICATE
verified.
Status: RESOLVED → VERIFIED
Whiteboard: DUPEME
You need to log in before you can comment on or make changes to this bug.