[Webkit-unassigned] [Bug 44823] Support document.execCommand("ClearAuthenticationCache")

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Thu Sep 9 11:12:44 PDT 2010 

https://bugs.webkit.org/show_bug.cgi?id=44823


mackyle at gmail.com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |mackyle at gmail.com




--- Comment #2 from mackyle at gmail.com  2010-09-09 11:12:44 PST ---
Safari version Version 5.0.2 (5533.18.5) still hangs on to invalid authentication credentials.

However, the WebKit nightly builds correctly discard them, so presumably Safari will eventually pick up that fix.

If you want to test locally, assuming you have an apache2 server that directs /cgi-bin requests to a scripts directory, add the attached logiotest.conf to your apache2 configuration and put the attached showuser script (making sure it's executable) in the real directory that /cgi-bin refers to.

1) Load /cgi-bin/showuser/login in the browser and provide any non-empty user id in the authentication dialog.  The user id will be displayed in the loaded page as the value of REMOTE_USER.

2) In the same browsing session, now visit /cgi-bin/showuser/logout.  Provide any non-empty user id in the authentication dialog.  It will fail, then cancel the authentication request dialog when it pops up again.

3) Now, in the same browsing session, again visit /cgi-bin/showuser/login and it will show the failed user id from step (2) as the value of REMOTE_USER without even asking for a user/password authentication.

In step (3), the WebKit nightly (and FireFox) always asks for a user/password, but Safari 5.0.2 (and earlier) do not.  Safari instead stubbornly continues to use the bad user ID entered in step (2).

Is there some reason that ClearAuthenticationCache can't be implemented to only clear the cache for the realm containing the page that called document.execCommand("ClearAuthenticationCache")?

-- 
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

More information about the webkit-unassigned mailing list