I have a set of pictures that I protect with .htaccess. This is
currently configured using Basic Auth. The .htaccess file protects ONLY
the images/thumbnails but not the html that loads the images and thumbnails.
AuthName "POAC-NoVA Members Only"
AuthType Basic
AuthUserFile /var/opt/htdocs/poac/.htpasswd
require valid-user
Apache is version 2.2.21
A real-world example is located at
http://www.poac-nova.org/photomanager/photomanager-gallery-view.cgi?set=2&gallery=7
with a user name of pictures and a password of testing! NOTE: this
password will be changed in the next few days.
If I use Firefox (3.6.25 for example), it works great. I am prompted for
the password once and voila.
If I use Internet Explorer (IE6, IE7, IE9 all tested), I am prompted
repeatedly for the password. For approximately 300 images, I will see a
password prompt approximately 7 times. I simply enter the correct
username and password repeatedly. Or I check remember password and click
ok repeatedly. When this completes, the page views without issue. And
once the images are cached, the issue appears to go away.
We've seen this issue for some years but thought it was possibly
something wrong in our code or with Auth_DBI. Today we used multiple
servers and removed Auth_DBI from the picture. We also changed the
output to a static HTML file with the same issue
(http://www.poac-nova.org/test.html)
In both cases, we will see authentication errors even though we are 100%
certain the password is being entered correctly.
HOWEVER, if we move that same test.html to the same dir as the photos
and .htaccess file (i.e. http://www.poac-nova.org/photos/test.html), the
problem cannot be duplicated.
OR, if we move the cgi script to the same dir as the photos (i.e.
http://www.poac-nova.org/photos/photomanager-gallery-view.cgi?set=2&gallery=7),
the problem cannot be duplicated.
NOTE: You must exit IE and use control panel->internet options to clear
your IE cache to duplicate the issue in our tests. Otherwise, the
results are not reproducible.
Anyone have any thoughts or known issues with http authentication and IE
that anyone can point me towards? Otherwise I'll open a bug and go from
there because I appear to have some wonkiness where I use a script NOT
protected by basic auth accessing resources that ARE protected by basic
auth triggering some password issue in an Apache / IE environment.
Regards,
KAM
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
" from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org
