Re: "Hidden" HTTP 401 Errors

From: Ken Schaefer (
Date: 10/25/04

Date: Mon, 25 Oct 2004 12:45:36 +1000

Do you have "keep-alives" enabled on the server? What is the timeout (in
seconds)? The default timeout is 900 seconds (about 15 minutes). Some
authentication mechanisms involve authentication the hTTP connection - if
you do not have keep-alives enabled, or the http connection has been closed,
you will need to re-authenticate (well, this is how I think it works).


"Eric Kassan" <> wrote in message
> As I mentioned in my original question, I can understand this for the
> first request to a session, but I am seeing this happen many times
> throughout a session. A couple examples:
> 1. A page is requested with security credentials, later the same second
> the browser requests an image referenced in the page without credentials
> (first). Failure triggers the request to be resent with credentials so
> the user sees the site "working".
> 2. Eight minutes later, the user clicks a link referencing another page
> on the same site. The request comes in (first) without credentials.
> I looked at:
> INFO: How IIS Authenticates Browser Clients
> "When Internet Explorer has established a connection with the server by
> using an authentication method other than Anonymous, it automatically
> passes the credentials for every new request during the duration of the
> session."
> So this shouldn't happen. The clients involved are IE 6.0. What am I
> missing?
> Thanks.