Return-Path: 
 <users-return-72328-apmail-httpd-users-archive=httpd.apache.org@httpd.apache.org>
Delivered-To: apmail-httpd-users-archive@www.apache.org
Received: (qmail 67660 invoked from network); 10 May 2007 16:48:52 -0000
Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2)
  by minotaur.apache.org with SMTP; 10 May 2007 16:48:52 -0000
Received: (qmail 75318 invoked by uid 500); 10 May 2007 16:48:47 -0000
Delivered-To: apmail-httpd-users-archive@httpd.apache.org
Received: (qmail 75304 invoked by uid 500); 10 May 2007 16:48:46 -0000
Mailing-List: contact users-help@httpd.apache.org; run by ezmlm
Precedence: bulk
Reply-To: users@httpd.apache.org
list-help: <mailto:users-help@httpd.apache.org>
list-unsubscribe: <mailto:users-unsubscribe@httpd.apache.org>
List-Post: <mailto:users@httpd.apache.org>
List-Id: <users.httpd.apache.org>
Delivered-To: mailing list users@httpd.apache.org
Received: (qmail 75293 invoked by uid 99); 10 May 2007 16:48:46 -0000
Received: from herse.apache.org (HELO herse.apache.org) (140.211.11.133)
    by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 10 May 2007 09:48:46 -0700
X-ASF-Spam-Status: No, hits=-0.0 required=10.0
	tests=SPF_PASS
X-Spam-Check-By: apache.org
Received-SPF: pass (herse.apache.org: domain of jslive@gmail.com designates
 209.85.132.242 as permitted sender)
Received: from [209.85.132.242] (HELO an-out-0708.google.com) (209.85.132.242)
    by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 10 May 2007 09:48:39 -0700
Received: by an-out-0708.google.com with SMTP id d31so165203and
        for <users@httpd.apache.org>; Thu, 10 May 2007 09:48:19 -0700 (PDT)
DKIM-Signature: a=rsa-sha1; c=relaxed/relaxed;
        d=gmail.com; s=beta;
        h=domainkey-signature:received:received:message-id:date:from:sender:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references:x-google-sender-auth;
        b=i3SdI3mw9+wS6xWp5TgrW4ods8yU5Es4sG65/Lx5W4CrYrHcEyXGs4N82fUrIbs20Ceohzh7O96gjim0Hw4u8RPekcglFEeem1NjaOnjPadLeKRYvAeGTKXNc9FpVWRyFClXsGgYaE8/WWg4megAOQ3MkVMM5JhELDR0uLsvgYk=
DomainKey-Signature: a=rsa-sha1; c=nofws;
        d=gmail.com; s=beta;
        h=received:message-id:date:from:sender:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references:x-google-sender-auth;
        b=kXKgwda58otuOugKdjENzwJIJdLqmicMCidDpswISiz2DsRTtE2kxObq4bZa46VjiVzgPwfQqwBBTv0VmBzC6DZ9zL5chuZ5HVSIxsUUsX1AO/1xvFd7TsVNL5TZ3hPOrTUY96Pi2pNe1oq5BJ5yDvE1lVBhn6zP2lDzzRvKphA=
Received: by 10.101.66.11 with SMTP id t11mr1485564ank.1178815697285;
        Thu, 10 May 2007 09:48:17 -0700 (PDT)
Received: by 10.100.254.18 with HTTP; Thu, 10 May 2007 09:48:17 -0700 (PDT)
Message-ID: <e498c1660705100948s7c7b63d9o3b286c29cb618e63@mail.gmail.com>
Date: Thu, 10 May 2007 12:48:17 -0400
From: "Joshua Slive" <joshua@slive.ca>
Sender: jslive@gmail.com
To: users@httpd.apache.org
In-Reply-To: <4643451E.6040407@sacnet.es>
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline
References: <4642D7F1.2050803@sacnet.es>
	 <e498c1660705100618k6b32d11etfba3ece7df83b08c@mail.gmail.com>
	 <464324E3.6050107@sacnet.es>
	 <e498c1660705100702h12f948ebp19b8b80b74271a66@mail.gmail.com>
	 <464330FA.6080706@sacnet.es>
	 <e498c1660705100803t774574ech7866454bf73aa91@mail.gmail.com>
	 <4643451E.6040407@sacnet.es>
X-Google-Sender-Auth: 8ceaf63039ed83b6
X-Virus-Checked: Checked by ClamAV on apache.org
Subject: Re: [users@httpd] Basic Authentication: Firefox requires twice while
 Explorer only once

On 5/10/07, Guillermo Pallar=E9s <guillermo.pallares@sacnet.es> wrote:
>
>  What kind of "call to this file" do you use?
>  The call is <frame marginwidth =3D "0" marginheight =3D "5" src=3D"clock=
.html"
> name =3D "sac" scrolling =3D "no" frameborder =3D "0">
>  If this line is removed, then the second autenticathion doesn't appear.
>
>
>  You should trace all the requests your browser is making as part of
>  whatever document is being requested. In one of these requests, the
>  hostname is probably changing, resulting in the new auth.
>  (Alternatively, perhaps there is simply a browser bug causing it to
>  forget credentials.) But there is really no way for us to know what is
>  going on from this side of the firewall. I have tried to perform a trace=
 by
> using Ethereal. Please find the complete .cat file attached, from the fir=
st
> log in until the second autenticathion is requested. I guess the most
> important part is the end, because at some point the browser stops sendin=
g
> the aut info at the end of the frame. I don't know if it is casual but th=
at
> point is when a .JAR file request is sent.

Yes, the key is here:

GET /lib/sv600.jar HTTP/1.1
[...]
User-Agent: Mozilla/4.0 (Windows XP 5.1) Java/1.6.0_01
[...]

So firefox isn't making this request, it is java doing it directly.
And java doesn't have the required credentials resulting in a new
password prompt.

I know nothing about embedding java applets. You're probably better
off looking for a forum with some expertise in that subject. Here
you'll find mostly apache experts, and this problem has nothing to do
with apache.

Joshua.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org