Basic Auth Authentication Wonkiness with scripts or Static HTML not protected by Basic Auth accessing resources protected by Basic Auth when using Apache & Internet Explorer

I have a set of pictures that I protect with .htaccess. This is currently configured using Basic Auth. The .htaccess file protects ONLY the images/thumbnails but not the html that loads the images and thumbnails.

AuthName "POAC-NoVA Members Only"
AuthType Basic
AuthUserFile /var/opt/htdocs/poac/.htpasswd

require valid-user

Apache is version 2.2.21

A real-world example is located at http://www.poac-nova.org/photomanager/photomanager-gallery-view.cgi?set=2&gallery=7 with a user name of pictures and a password of testing! NOTE: this password will be changed in the next few days.

If I use Firefox (3.6.25 for example), it works great. I am prompted for the password once and voila.

If I use Internet Explorer (IE6, IE7, IE9 all tested), I am prompted repeatedly for the password. For approximately 300 images, I will see a password prompt approximately 7 times. I simply enter the correct username and password repeatedly. Or I check remember password and click ok repeatedly. When this completes, the page views without issue. And once the images are cached, the issue appears to go away.


We've seen this issue for some years but thought it was possibly something wrong in our code or with Auth_DBI. Today we used multiple servers and removed Auth_DBI from the picture. We also changed the output to a static HTML file with the same issue (http://www.poac-nova.org/test.html)

In both cases, we will see authentication errors even though we are 100% certain the password is being entered correctly.


HOWEVER, if we move that same test.html to the same dir as the photos and .htaccess file (i.e. http://www.poac-nova.org/photos/test.html), the problem cannot be duplicated.

OR, if we move the cgi script to the same dir as the photos (i.e. http://www.poac-nova.org/photos/photomanager-gallery-view.cgi?set=2&gallery=7), the problem cannot be duplicated.

NOTE: You must exit IE and use control panel->internet options to clear your IE cache to duplicate the issue in our tests. Otherwise, the results are not reproducible.

Anyone have any thoughts or known issues with http authentication and IE that anyone can point me towards? Otherwise I'll open a bug and go from there because I appear to have some wonkiness where I use a script NOT protected by basic auth accessing resources that ARE protected by basic auth triggering some password issue in an Apache / IE environment.

Regards,
KAM

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
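A server-side check for the symptom described in the post above, as an added example that is not part of the original message or the poster's code: it reads Apache common/combined-format access log lines and, per client, separates 401 responses to requests that arrived with no credentials (remote-user field "-") from 401 responses to requests that carried a user name. The log lines are constructed, the "/photos/" prefix is taken from the URLs in the post, and the function and counter names are hypothetical.

```python
import re
from collections import Counter

# Common/combined log prefix: host ident user [time] "method path proto" status
LINE = re.compile(r'^(\S+) \S+ (\S+) \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3}) ')

# Constructed sample lines (not taken from the poster's server).
SAMPLE = """\
192.0.2.10 - - [10/Jan/2012:10:00:00 -0500] "GET /test.html HTTP/1.1" 200 5120
192.0.2.10 - - [10/Jan/2012:10:00:01 -0500] "GET /photos/a.jpg HTTP/1.1" 401 401
192.0.2.10 - pictures [10/Jan/2012:10:00:05 -0500] "GET /photos/a.jpg HTTP/1.1" 200 20480
192.0.2.10 - - [10/Jan/2012:10:00:05 -0500] "GET /photos/b.jpg HTTP/1.1" 401 401
192.0.2.10 - pictures [10/Jan/2012:10:00:09 -0500] "GET /photos/b.jpg HTTP/1.1" 200 20480
192.0.2.10 - pictures [10/Jan/2012:10:00:09 -0500] "GET /photos/c.jpg HTTP/1.1" 200 20480
192.0.2.77 - pictures [10/Jan/2012:10:02:00 -0500] "GET /photos/a.jpg HTTP/1.1" 401 401
"""


def classify_401s(log_text, prefix="/photos/"):
    """Per client, count requests under `prefix` by how the 401s arose."""
    stats = {}
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        host, user, _method, path, status = m.groups()
        if not path.startswith(prefix):
            continue  # only the Basic Auth protected tree is of interest
        counts = stats.setdefault(host, Counter())
        if status != "401":
            counts["not_401"] += 1
        elif user == "-":
            # No user name logged: the request carried no credentials,
            # so the 401 is a challenge, not a failed login.
            counts["challenge_no_credentials"] += 1
        else:
            # A user name was supplied and the server still answered 401.
            counts["rejected_credentials"] += 1
    return stats


if __name__ == "__main__":
    for host, counts in classify_401s(SAMPLE).items():
        print(host, dict(counts))
```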