Re: "Hidden" HTTP 401 Errors

From: Ken Schaefer (kenREMOVE_at_THISadopenstatic.com)
Date: 10/25/04


Date: Mon, 25 Oct 2004 12:45:36 +1000

Do you have "keep-alives" enabled on the server? What is the timeout (in
seconds)? The default timeout is 900 seconds (about 15 minutes). Some
authentication mechanisms involve authentication the hTTP connection - if
you do not have keep-alives enabled, or the http connection has been closed,
you will need to re-authenticate (well, this is how I think it works).

Cheers
Ken

"Eric Kassan" <mail@EricKassan.net> wrote in message
news:uCMIgcVuEHA.2820@TK2MSFTNGP15.phx.gbl...
> As I mentioned in my original question, I can understand this for the
> first request to a session, but I am seeing this happen many times
> throughout a session. A couple examples:
>
> 1. A page is requested with security credentials, later the same second
> the browser requests an image referenced in the page without credentials
> (first). Failure triggers the request to be resent with credentials so
> the user sees the site "working".
>
> 2. Eight minutes later, the user clicks a link referencing another page
> on the same site. The request comes in (first) without credentials.
>
> I looked at:
>
> INFO: How IIS Authenticates Browser Clients
> http://support.microsoft.com/default.aspx?scid=kb;en-us;264921
> "When Internet Explorer has established a connection with the server by
> using an authentication method other than Anonymous, it automatically
> passes the credentials for every new request during the duration of the
> session."
>
> So this shouldn't happen. The clients involved are IE 6.0. What am I
> missing?
>
> Thanks.
>
>