When I just tried to open a password-protected document with mozilla, I was surprised to see a cached copy of the document appear in the browser window WITHOUT being asked for a password. Only after hitting reload was I presented with a password dialog. When I subsequently canceled the password request, I got the usual 'authentication required' screen. reproduce: this was the first time I saw Mozilla do this. I got the effect after restarting Mozilla and requesting a cached, but password-protected document. expected behaviour: Mozilla should first check whether the document being loaded is access-restricted BEFORE displaying a cached copy.
Created attachment 28843 [details] screenshot of browser window displaying cached copy of password-protected document before asking for password (I just hit 'reload' to get the password dialog)
Sounds like a new cache problem.... can you see the problem if the cache preference for checking is set to "every time" instead of "once per session"?
This is difficult to find out, since the effect/bug only sporadically appears. I just tested about 30 times, both with cache set to 'every time' and 'once per session'. I never got the effect when cache was set to 'every time', while it appeared twice with cache set to 'once per session'. Is this definite proof? No.
-> this looks like an HTTP problem to me
password protected documents can be cached, but only for the lifetime of the session, and they must not be cached on disk... unless the username and password are encoded in the URL. <-- this is the convention of mozilla (I think). So, if you were able to restart the browser and pull up a cached password protected document, then this is definitely a bug b/c it means that the document is being written out to disk. Reporter: the URL does not contain your username and password, right?
No, the URL I use to get at the document is simply: http://unternet.org/nids/acid/ This redirects to: http://unternet.org/nids/acid/acid_main.php through this line: <META HTTP-EQUIV = "REFRESH" CONTENT="0; URL=acid_main.php"> Weird, my disk cache is set to 0 KBytes so it should not even use it. The document is not proxied (I'm using a chained Junkbuster/Squid proxy, but the unternet.org domain is in the No Proxy For list).
*** This bug has been marked as a duplicate of 74075 ***