Howdy,
I've noticed something strange between two versions of IE 5.5 which is breaking authentication on a page of mine.
As I understand it: when the server sends a 401 Authorization Required to the browser, typically the browser pops up a username/password window and then reloads the same page with the credentials set. If the server again sends a 401 header back, the browser assumes the supplied credentials are incorrect, and pops open another window prompting the user. When the browser no longer gets 401 headers from the server it assumes the credentials are correct and stops prompting the user. It then continues to send the credentials to the server regardless of it being sent a 401 from the server.
Now what this odd version of IE is doing: it's sending the credentials to the server only when prompted with a 401 from the server. If prompted the first time from the server, it'll prompt the user and then reload with the credentials. If it doesnt get prompted again, it assumes the credentials are correct. Then, at the next page load, it doesn't send the credentials along. Instead the server promtps via a 401 and IE reloads the page again with the cached credentials. If it doesn't get a second 401 it assumes they're still correct. Otherwise it prompts the user again.
This seems very inefficient. It's generating 2 hits for every load! Is this standard practise amongst browsers, or can I safely assume this version of IE is broken?
Any input appreciated.
Thanks,
Aragon
