Hi Bruno,
--On September 24, 2007 7:44:06 PM -0500 Bruno Browning
<[EMAIL PROTECTED]> wrote:
When I authenticate to a CalendarServer instance configured to use digest
authentication (concerning which I am a compleat newb) using Sunbird or
Lightning, wait fifteen minutes, and attempt to, say, refresh, I get
another authentication prompt. This doesn't seem to be Sb/Ltn-specific:
the same timeout-and-reprompt happens when accessing the calendar URI
with a browser, including Opera on Linux and IE on Vista (though not
with IE 5.2 on Mac OS) - so it doesn't seem to be specific to the Mozilla
network stack, either. Wireshark shows that after the 15-minute timeout
CalendarServer responds to a query with a 401 challenge and new nonce
value in the WWW-Authenticate header - but that header does not also
include a 'stale="true"' as I would expect from my (possibly naive)
reading of RFC 2617. So I'm suspecting that this is a CalendarServer bug
rather than a Mozilla one, and I'm hoping that someone more familiar with
digest authentication than I am can comment.
Yup - looks like we missed that. Apparently some browsers/clients ignore
stale and attempt a re-auth without prompting so we didn't notice that.
I'll get a ticket written on that.
--
Cyrus Daboo
_______________________________________________
calendarserver-dev mailing list
[email protected]
http://lists.macosforge.org/mailman/listinfo/calendarserver-dev
