[
https://issues.apache.org/jira/browse/SLING-1765?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12908667#action_12908667
]
Felix Meschberger commented on SLING-1765:
------------------------------------------
Well, it may actually really be the case: The browser sends the credentials
preemptively to Sling which checks the request against all authentication
handlers falling back to the HTTP Basic Authentication handler by default
accepting preemptively sent HTTP Basic credentials.
As a result the request is actually authenticated, when it should really be ...
I cannot imagine a solution right now, but the workaround certainly is to
switch HTTP Basic authentication off completely -- or use an other browser
which does not preemptively send credentials, e.g. Chrome or Safari.
As it stands, this looks like "works as designed" ;-) (Agreed, it is not 100%
expected, though)
How about -- by default -- switch off HTTP Basic authentication completely;
thus not even support preemptive authentication out of the box ?
> Problems with authentication if basic auth was used before opening Sling
> Explorer
> ---------------------------------------------------------------------------------
>
> Key: SLING-1765
> URL: https://issues.apache.org/jira/browse/SLING-1765
> Project: Sling
> Issue Type: Bug
> Reporter: Mike Müller
> Priority: Minor
> Fix For: Sling Explorer 1.0.0
>
>
> If you login to /system/console and then go back to /.explorer.html the
> explorer shows that you're logged in, which is not the case.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
