Re: "Hidden" HTTP 401 Errors

From: Miha Pihler (mihap-news_at_atlantis.si)
Date: 10/24/04


Date: Sun, 24 Oct 2004 17:22:58 +0200

Eric,

How is your session timeout set?

I am not sure if this will help, but if you can, try to change the values
and see what happens.

Here is an example how to change the values.
http://support.microsoft.com/kb/233477/EN-US/

On IIS6 default timeout is 20 minutes.

Mike

"Eric Kassan" <mail@EricKassan.net> wrote in message
news:uCMIgcVuEHA.2820@TK2MSFTNGP15.phx.gbl...
> As I mentioned in my original question, I can understand this for the
first
> request to a session, but I am seeing this happen many times throughout a
> session. A couple examples:
>
> 1. A page is requested with security credentials, later the same second
the
> browser requests an image referenced in the page without credentials
> (first). Failure triggers the request to be resent with credentials so
the
> user sees the site "working".
>
> 2. Eight minutes later, the user clicks a link referencing another page
on
> the same site. The request comes in (first) without credentials.
>
> I looked at:
>
> INFO: How IIS Authenticates Browser Clients
> http://support.microsoft.com/default.aspx?scid=kb;en-us;264921
> "When Internet Explorer has established a connection with the server by
> using an authentication method other than Anonymous, it automatically
passes
> the credentials for every new request during the duration of the session."
>
> So this shouldn't happen. The clients involved are IE 6.0. What am I
> missing?
>
> Thanks.
>
>



Relevant Pages

  • Single Sign On iwth JBoss / Tomcat / JAAS / Struts
    ... I am trying to propagate the credentials ... from a JAAS logon with jboss. ... So I tried to hack it, and make sure my request has got the ... store it in the session. ...
    (comp.lang.java.programmer)
  • Re: "Hidden" HTTP 401 Errors
    ... request to a session, but I am seeing this happen many times throughout a ... A page is requested with security credentials, ... Failure triggers the request to be resent with credentials so the ... How IIS Authenticates Browser Clients ...
    (microsoft.public.inetserver.iis.security)
  • Several persistent XSS and CSRF on Wireless-G ADSL Gateway with SpeedBooster (WAG54GS)
    ... there are still several other persistent XSS plus the system-wide CSRF ... the router's HTTP interface are vulnerable to Cross-site Request ... the administrator hasn't changed the default credentials (admin/admin) ... "Administration" page inaccessible since 'history.back' will run ...
    (Bugtraq)
  • Re: User control remember state across pages without session
    ... Its a shame Microsoft don't extend viewstate beyond a single page because it ... An HTTP Request is received by the web server. ... It sends a Response to the client. ... > Request for a Page comes from any client, the Session Collection has a new ...
    (microsoft.public.dotnet.framework.aspnet)
  • Re: Windows authentication for web service client??
    ... > Dim Response As System.Net.HttpWebResponse ... > make my http WEBDAV request here ... ... CredentialCache.DefaultCredentials will return the credentials that ... I have try the same approach using implicity impersonation, ...
    (microsoft.public.dotnet.framework.aspnet.webservices)