I am having an issue with web browsers (any) temporarily remembering username and password combinations for a website I am creating. I am using LDAP to authenticate to an MS AD.
Here is the scenario:
I go to my site. Click a password protected directory and I am prompted with a dialogue box for username/password. I enter the appropriate information and I am let through. I can look around that hole page (and any subsequent page) without having to pass my user/pass ever again.
The next page is a default "Index of" page. I click the "Parent Directory" link or my browser's "Back" button to get back to the main site.
I click a new password protected link (not the same as the one above). Again, I am prompted for password and user name (different set this time) and again I happily comply. Again the next page is a default "Index of" page. Again I click the "Parent Directory" link or my browser's "Back" button to get to the main site. Again I can roam about that directory no problem without user/pass being asked again.
I then click the original password protected directory. I am prompted again for a username/password. However, the "username" portion is already filled in with the correct username. (Not bad
). So I comply with the password. The first some it doesn't work. The second time I am let though. However, if I click any links on any subsequent page that is under that directory I am prompted for my user/pass every time.
If I go to the second password protected directory I am not prompted at all.
This behavior only arises out of Internet Explorer (both 6 and 7), but not FireFox. As much as I would LOVE all my users to switch to Firefox (
) I am a lone *NIX man in a Windows Shop...
I have also tried using Apache to Authenticate using Kerberos and it only keeps track of one set of credentials. I have also tried using a MySQL integration but it yields the same result as the LDAP above.
Like I said solutions to the issue are as I see them:
Use Firefox :-D
Close and reopen IE
I know that above is probably as clear as mud, but any help/guidance would be apreciated....
The desired result would be have the user prompted for a password everytime they click on a Password protected link, when the go back to the main page have their credentials "forgotten" and have them get re-prompted, and finally once authenticated to a directory they should be allowed to roam about that directory unfettered by user/pass requests.
Thanks for your time.