Re: "Hidden" HTTP 401 Errors

From: Miha Pihler (mihap-news_at_atlantis.si)
Date: 10/24/04

Next message: Greg: "Installed Symantec/Norton Internet Security 2005 and can no longer run IIS"
Previous message: Showkat Lone [MSFT]: "RE: Renaming a Server/ IIS Question"
In reply to: Eric Kassan: "Re: "Hidden" HTTP 401 Errors"
Next in thread: Ken Schaefer: "Re: "Hidden" HTTP 401 Errors"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Sun, 24 Oct 2004 17:22:58 +0200

Eric,

How is your session timeout set?

I am not sure if this will help, but if you can, try to change the values
and see what happens.

Here is an example how to change the values.
http://support.microsoft.com/kb/233477/EN-US/

On IIS6 default timeout is 20 minutes.

Mike

"Eric Kassan" <mail@EricKassan.net> wrote in message
news:uCMIgcVuEHA.2820@TK2MSFTNGP15.phx.gbl...
> As I mentioned in my original question, I can understand this for the
first
> request to a session, but I am seeing this happen many times throughout a
> session. A couple examples:
>
> 1. A page is requested with security credentials, later the same second
the
> browser requests an image referenced in the page without credentials
> (first). Failure triggers the request to be resent with credentials so
the
> user sees the site "working".
>
> 2. Eight minutes later, the user clicks a link referencing another page
on
> the same site. The request comes in (first) without credentials.
>
> I looked at:
>
> INFO: How IIS Authenticates Browser Clients
> http://support.microsoft.com/default.aspx?scid=kb;en-us;264921
> "When Internet Explorer has established a connection with the server by
> using an authentication method other than Anonymous, it automatically
passes
> the credentials for every new request during the duration of the session."
>
> So this shouldn't happen. The clients involved are IE 6.0. What am I
> missing?
>
> Thanks.
>
>

Next message: Greg: "Installed Symantec/Norton Internet Security 2005 and can no longer run IIS"
Previous message: Showkat Lone [MSFT]: "RE: Renaming a Server/ IIS Question"
In reply to: Eric Kassan: "Re: "Hidden" HTTP 401 Errors"
Next in thread: Ken Schaefer: "Re: "Hidden" HTTP 401 Errors"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

Single Sign On iwth JBoss / Tomcat / JAAS / Struts
... I am trying to propagate the credentials ... from a JAAS logon with jboss. ... So I tried to hack it, and make sure my request has got the ... store it in the session. ...
(comp.lang.java.programmer)
Re: "Hidden" HTTP 401 Errors
... request to a session, but I am seeing this happen many times throughout a ... A page is requested with security credentials, ... Failure triggers the request to be resent with credentials so the ... How IIS Authenticates Browser Clients ...
(microsoft.public.inetserver.iis.security)
Several persistent XSS and CSRF on Wireless-G ADSL Gateway with SpeedBooster (WAG54GS)
... there are still several other persistent XSS plus the system-wide CSRF ... the router's HTTP interface are vulnerable to Cross-site Request ... the administrator hasn't changed the default credentials (admin/admin) ... "Administration" page inaccessible since 'history.back' will run ...
(Bugtraq)
Re: User control remember state across pages without session
... Its a shame Microsoft don't extend viewstate beyond a single page because it ... An HTTP Request is received by the web server. ... It sends a Response to the client. ... > Request for a Page comes from any client, the Session Collection has a new ...
(microsoft.public.dotnet.framework.aspnet)
Re: Windows authentication for web service client??
... > Dim Response As System.Net.HttpWebResponse ... > make my http WEBDAV request here ... ... CredentialCache.DefaultCredentials will return the credentials that ... I have try the same approach using implicity impersonation, ...
(microsoft.public.dotnet.framework.aspnet.webservices)