Issue with digest authentication (bug with expired nonce?)
Joe Orton
joe at manyfish.co.uk
Mon Jul 20 12:12:55 EDT 2009
On Mon, Jul 20, 2009 at 04:39:55PM +0200, Helge Heß wrote:
...
> www-authenticate: digest
> nonce="608813104748652097786845376369540413326582419906442545814",
> stale="true",
> realm="/Search",
> algorithm="md5"
>
> New nonce, and stale set to true.
>
> Problem is, that Neon doesn't seem to catch this. It ends up passing the
> 401 response to me, with a NE_AUTH return code. I would expect an
> automatic reauth with the new nonce?
Yup, that should be what happens with the current code. (stale handling
was broken pre-0.27.0 but I presume you are using a modern version of
neon?)
What's the session error string set to at the point NE_AUTH is returned?
Capturing a debug log of this (NE_DBG_HTTP|NE_DBG_HTTPAUTH) would be the
best way to diagnose further.
Regards, Joe
More information about the neon
mailing list