src="https://update.vivaldi.com/stats/piwik.php?idsite=1&rec=1&bots=1" style="border:0;" alt=""

Authentication inconsistency



  • There is a apache web-server running two ways: directly and as a servlet engine frontend, each supplying own space of URIs. Both ways has private URIs (still inside the same domain!) demanding authentication, both have got the same login/password pairs. Vivaldi understands these division on login - at both cases Vivaldi asks login/password. On the next Vivaldi session (that is restart) it remembers only one case while at the other one asking login/password again. Just for comparison: Firefox hasn't got the issue. And Chromium also hasn't got the issue. While Opera has. Is there some configuration options I have missed to resolve the issue?



  • VB-13675 is created.



  • Unfortunately version 1.3.551.30 is still affected by the issue.



  • @student975:

    Just for comparison: Firefox hasn't got the issue. And Chromium also hasn't got the issue. While Opera has.

    BTW, Opera. being your competitor, has fixed the issue. So, Vivaldi is the only browser having the issue among promising ones.



  • Have got 1.4 today - the issue still exists. It is very unusual when security related issues are ignored :P
    Must I supply some additional information?



  • @student975:

    Have got 1.4 today - the issue still exists. It is very unusual when security related issues are ignored :P

    That bug was marked as cannot reproduce, so, yes further infos real life examples would be welcome, we could reopen it if we have a reproducible scenario,



  • @The_Solutor:

    That bug was marked as cannot reproduce, so, yes further infos real life examples would be welcome, we could reopen it if we have a reproducible scenario,

    Can you please clarify a little? So, you have:

    • configured Apache with two path prefixes,
    • configured basic auth for the first prefix,
    • configured the second prefix to go to upstream Tomcat,
    • configured Tomcat context to use basic auth with the same user and password values,

    and Vivaldi remembers both auth pairs between sessions. Haven't you?

    And, by the way, how does a bug reporter (that is me at the case) can track bug history?



  • @student975:

    @The_Solutor:

    That bug was marked as cannot reproduce, so, yes further infos real life examples would be welcome, we could reopen it if we have a reproducible scenario,

    Can you please clarify a little? So, you have:

    I understand what are you saying, but keep in mind that hardly the team has the resources to setup properly a webserver just to test a relatively corner case scenario.

    I can ping again the devs and the other testers about that, but hardly they can do a lot w/o an account provided privately or a publicly accessible one.

    About the bug tracking, at least for now the bug tracker isn't publicly accessible, maybe this will change in the future but that is.

    You will receive a confirmation, you can reply to that email if you have something to add, and you will see the fixed ones on the changelogs.

    Anyway feel free to ask here about the current status, given many Mods are also testers and can report about a specific bug.


  • Moderator

    @student975
    You did not really sent enough information.
    We need a real test case with a server URLs to test it internally.
    I will contact you.



  • I haven't both opportunity and experience to setup Apache server. But there is a little more. So, we have these clashing addresses:

    _https://domain.com/prefix1/some/path - apache auth
    _https://domain.com/prefix2/another/path - tomcat auth

    I have tried also

    _https://www.domain.com/prefix1/some/path - apache auth
    _https://domain.com/prefix2/another/path - tomcat auth

    as far as address with www is alternative one. But the issue still exists!


Log in to reply
 

Looks like your connection to Vivaldi Forum was lost, please wait while we try to reconnect.