[Seaside] BUG: Basic authentication

Mart-Mari Breedt breedt_m at aircom.co.za
Wed Aug 31 09:41:30 CEST 2005


Thank you for your reply.

We are using Seaside 2.6a2, but the problem also occurs in Seaside
2.6a1.

I added WAAuthConfiguration to the basic counter application and created
a second entry point to the counter application (counter2) and added
WAAuthConfiguration to it as well. I specified the username and password
as being admin and seaside respectively on both.

I tried accessing the application from different browsers, but I get the
same behavior in Firefox, Opera and IE. The user is prompted for a
password when the first entry point is accessed, but the user is
definitely not prompted when trying to access the second entry point. 

I can see the realms are indeed different for each entry point since the
realm is displayed when prompted for a password. I.e. when I access the
entry points in a reversed order from a new browser session I can see
the counter2 realm is different to the counter realm.

Thank you,
Mart-Mari

-----Original Message-----
From: Julian Fitzell [mailto:julian at beta4.com] 
Sent: 31 Augustus 2005 04:40
To: The Squeak Enterprise Aubergines Server - general discussion.
Subject: Re: [Seaside] BUG: Basic authentication

Hmm... I can't reproduce this obviously with Seaside 2.5.

The two applications obviously have different basePath's and it is the
basePath that Seaside uses by default as the realm for HTTP Basic
Authentication.  As long as the applications are providing different
authentication realms, the user should be reprompted for a password.  If
this is not the case, this is obviously a browser bug.

Can you confirm which version of seaside you're using and perhaps how
you are setting up the authenticated applications... is there any reason
they would actually be using the same realm?

Julian

Quoting Mart-Mari Breedt <breedt_m at aircom.co.za>:

> Hello all,
>
> We have the following problem. Consider you have two instances of the
> same seaside application, each set up with basic authentication.
> Example, you have two instances of the counter application (named
> counter1 and counter2) with username=admin and password=seaside on
> both.
>
> When you log on to seaside/counter1, you would be prompted for a
> username and password. (Which is correct...) When you now log on to
> seaside/counter2 (from the same browser session) you would NOT be
> prompted for a username and password. The WARequest object contains
> the previous username and password and since it is the same as the
> username and password for this application, you are automatically
> validated. This (we believe) is a bug, since you should have been
> prompted for a new username and password for two reasons. One: Because
> you are starting a new session and Two: Because you are accessing a
> totally different application instance.
>
> Does anyone have any ideas or previous experiences on fixing this?
>
> Thank you,
>
> Mart-Mari


-- 
julian at beta4.com
Beta4 Productions (http://www.beta4.com) 
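
Added example, not part of the original messages and not Seaside code: a Python model of the exchange discussed in this thread, assuming a client that follows RFC 7617 section 2.2 and preemptively resends cached Basic credentials to paths under the same directory prefix. The `server`, `Browser` and `prompts_for` names and the sample entry points are constructed for illustration; real browsers' caching heuristics vary.

```python
import base64
import posixpath

# Constructed sample setup: two entry points, realm = base path (as the thread
# says Seaside does by default), identical credentials on both.
APPS = {
    "/seaside/counter":  ("admin", "seaside"),
    "/seaside/counter2": ("admin", "seaside"),
}

def basic(user, password):
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    return "Basic " + token

def server(apps, path, authorization=None):
    """Return (status, realm). The Authorization header carries no realm,
    so the server can only compare the credentials themselves."""
    user, password = apps[path]
    if authorization == basic(user, password):
        return 200, None
    return 401, path  # WWW-Authenticate: Basic realm="<base path>"

class Browser:
    """Hypothetical client model following RFC 7617 section 2.2."""
    def __init__(self, typed):
        self.typed = typed      # what the user types when prompted, per realm
        self.cache = {}         # path prefix -> Authorization header value
        self.prompts = []       # realms the user was actually prompted for

    def get(self, apps, path):
        prefix = posixpath.dirname(path) + "/"
        header = self.cache.get(prefix)          # preemptive send, no challenge seen
        status, realm = server(apps, path, header)
        if status == 401:
            self.prompts.append(realm)
            header = basic(*self.typed[realm])
            status, _ = server(apps, path, header)
            if status == 200:
                self.cache[prefix] = header
        return status

def prompts_for(apps):
    """Visit every entry point in one browser session; report the prompts."""
    browser = Browser(typed=dict(apps))
    statuses = [browser.get(apps, p) for p in sorted(apps)]
    return statuses, browser.prompts
```

With identical credentials the second entry point never gets to issue its own challenge, so its realm is never shown; giving each entry point its own credentials forces a 401 carrying the second realm.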