Re: Problem with HTTP Basic Authentication and cookies

Fri, 15 Jun 2001 14:48:54 -0700 

Darin,

Thanks for submitting a bug report. I checked on the
status this morning. It says, this is a duplicate of
bug #83625. Well, the symptoms do not look the same.
Bug 83625 has been closed as FIXED with build
2001-06-13-09-trunk. I tried with 2001-06-15-09 (Linux),
and the problem persists. I feel these two bugs have
different causes.

Here is a piece of captured network packets for your
assistance:

<--- Request ->
GET /TEST/AuthTest HTTP/1.1
Host: abc.dnsdhcp.provo.novell.com
User-Agent: Mozilla/5.0 (X11; U; Linux 2.2.18pre21 i686, en-US; 
rv:0.9.1+) Gecko/20010615
Accept: text/xml, application/xml, application/xhtml+xml, text/html, 
q=0.9 ...
Accept-Language: en-us
Acept-Encoding: gzip,deflate,compress,identity
Accept-Charset: ISO-8859-1, utf-8;q=0.66, *;q=0.66
Keep-Alive: 300
Connection: keep-alive

<--- Response ->
HTTP/1.1 401 Authorization Required
Date: Fri, 15 June 2001 21:50:30 GMT
Server: Apache/1.3.20 (Win32)
Set-Cookie: authtest=AAAAAAAAAAA=; path=/TEST
WWW-Authenticate: Basic realm="TEST"
Keep-Alive: timeout=15, max=100
Connection: keep-alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=iso-8859-1

<--- Request ->
GET /TEST/AuthTest HTTP/1.1
Host: abc.dnsdhcp.provo.novell.com
User-Agent: Mozilla/5.0 (X11; U; Linux 2.2.18pre21 i686, en-US; 
rv:0.9.1+) Gecko/20010615
Accept: text/xml, application/xml, application/xhtml+xml, text/html, 
q=0.9 ...
Accept-Language: en-us
Acept-Encoding: gzip,deflate,compress,identity
Accept-Charset: ISO-8859-1, utf-8;q=0.66, *;q=0.66
Keep-Alive: 300
Connection: keep-alive
Authorization: Basic asZq5uiX3ZiiksKlVzdB==


NOTE: Cookie is absent in the Authorization request. I confirmed
in the cookie manager that "authtest" is set to "AAAAAAAAAAA=".

Hope this helps.

Thanks,
-Indraneel


Darin Fisher wrote:

> thanks for the bug report... please see bug 84794.
> darin
> 
> 
> Indraneel Sarkar wrote:
> 
>> There seems to be a problem with WWW-Authenticate: Basic and cookies.
>>
>> Problem: I have a URL that requires "Basic" authentication. When the
>> server responds with a 401 (Auth-required), it also sends a
>> "Set-Cookie:" in the header. Now, this cookie is being set by Mozilla
>> (build 2001060509); looked up in the "cookie manager". However, when
>> the browser sends back the "Authorization" response, the cookie is
>> not being sent back to the server. Why is the cookie not being sent back
>>
>> to the originating server? Netscape 4.7x and IE 5.x both work fine.
>>
>> Thanks,
>> -Indraneel

Reply via email to