We have discovered another scenario that reproduces this problem. It
occurs when using a session with basic authentication.

Issue a GET to a server.
Server responds with challenge.
Re-issue GET with Basic Auth.
Server issues a session cookie.
Now issue a PUT/SEARCH/etc. with the same handle.
When the second request is issued CURL sends out the PUT/etc. with the
session cookie and authorization.
Since the server does not re-challenge the "fake GET", the request to
fails immediately as the following log illustrates:

* About to connect() to 192.168.1.xxx port 80
* Connected to 192.168.1.xxx (192.168.1.xxx) port 80
> GET / HTTP/1.1
User-Agent: Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en)
Host: 192.168.1.xxx
Pragma: no-cache
accept:*/*
Content-Type:text/html

< HTTP/1.1 401 Access Denied
< Server: Microsoft-IIS/5.0
< Date: Wed, 24 Dec 2003 17:27:44 GMT
< WWW-Authenticate: Basic realm="192.168.1.xxx"
< Connection: close
< Content-Length: 24
< Content-Type: text/html
* Closing connection #0
* Issue another request to this URL: 'http://192.168.1.xxx/'
* About to connect() to 192.168.1.xxx port 80
* Connected to 192.168.1.xxx (192.168.1.xxx) port 80
* Server auth using Basic with user 'xxx\xxx'
> GET / HTTP/1.1
Authorization: Basic xxxxxxxxxxxxxxxxxxxx==
User-Agent: Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en)
Host: 192.168.1.xxx
Pragma: no-cache
accept:*/*
Content-Type:text/html

< HTTP/1.1 200 OK
< Server: Microsoft-IIS/5.0
< Date: Wed, 24 Dec 2003 17:27:44 GMT
< X-Powered-By: ASP.NET
* Added cookie sessionid="0c09bfff-a008-4055-b6d9-62eee7704cad,0x0" for
domain 192.168.1.xxx, path /, expire 0
< Set-Cookie: sessionid=0c09bfff-a008-4055-b6d9-62eee7704cad,0x0; path=/
< Content-Type: text/html
< Content-Length: 1004
< MS-WebStorage: 6.0.6249
< Cache-Control: no-cache
* Connection #0 left intact
* Re-using existing connection! (#0)
* Connected to (192.168.1.xxx) port 80
> BDELETE / HTTP/1.1
Authorization: Basic xxxxxxxxxxxxxxxxxxxxxxxxxx==
User-Agent: Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en)
Host: 192.168.1.xxx
Pragma: no-cache
Cookie: sessionid=0c09bfff-a008-4055-b6d9-62eee7704cad,0x0
accept:*/*
Content-Type:text/xml

< HTTP/1.1 411 Length Required
< Server: Microsoft-IIS/5.0
< Date: Wed, 24 Dec 2003 17:27:44 GMT
< X-Powered-By: ASP.NET
< Connection: close
< Content-Type: text/html
< Content-Length: 147
* Closing connection #0

On Friday, December 19, 2003, at 02:09 AM, Daniel Stenberg wrote:

> On Fri, 19 Dec 2003, Jacob Swed wrote:
>
>> It would be great if this could be fixed before 7.11.0 is released,
>> but I am
>> guessing that boat has sailed.
>
> No, I too would like to see this issue fixed before 7.11.
>
> At the moment, I haven't set a date or anything for when I want 7.11
> shipped,
> so I continue to add issues to fix before this release.
>
> When we get into next year I might reconsider some of the things
> planned for
> 7.11.0 to see if they're better suited for 7.11.1 instead... :-)
>
>> Would you like to open a bug or shall I?
>
> I'd rather you do it. I've already added this issue to my "TODO for
> 7.11"
> document (I'll post that here later today).
>
> Thanks!
>
> --
> Daniel Stenberg -- http://curl.haxx.se/ -- http://daniel.haxx.se/
> [[ Do not send mails to this email address. They won't reach me. ]]
>
>
> -------------------------------------------------------
> This SF.net email is sponsored by: IBM Linux Tutorials.
> Become an expert in LINUX or just sharpen your skills. Sign up for
> IBM's
> Free Linux Tutorials. Learn everything from the bash shell to sys
> admin.
> Click now! http://ads.osdn.com/?ad_id=1278&alloc_id=3371&op=click
>

-------------------------------------------------------
This SF.net email is sponsored by: IBM Linux Tutorials.
Become an expert in LINUX or just sharpen your skills. Sign up for IBM's
Free Linux Tutorials. Learn everything from the bash shell to sys admin.
Click now! http://ads.osdn.com/?ad_id=1278&alloc_id=3371&op=click
Received on 2003-12-24