1

I'm having some issues with Chrome canceling some HTTP requests and I'm suspecting cached authentication data to be the cause. Let me first write down some important factors about the application I'm writing.

  1. I was using Basic Authentication scheme for some time to guard several services and resources in my web app.
  2. In the meantime I was using/testing the app heavily using Chrome with my main Google Account fully synced. Most frequently I was using my name - "lukasz" - as the username in Basic Auth.
  3. Recently I have switched my application to use Digest Authentication.
  4. Now, some of the HTTP requests I'm making are failing with status=failed with no apparent reason. It only happens when I'm using user "lukasz", if I enter some other unique username - there is no problem.

I looked everywhere in the backend and frontend and I couldn't locate the issue to be in our code. I can easily reproduce this with user "lukasz" each time. So I reverted my code to Basic Auth (while not touching the rest of app) and the problem was gone.

That led me to think that there is something wrong with cached passwords. So I cleared the cache in Chrome, but that didn't help. After several hours of analyzing the issue I decided to make sure that I'm running fresh instance of Chrome, so I reinstalled it (deleting the disk data along the way). TADAAA! The problem was gone and I couldn't reproduce this anymore. Then I synchronized my Google Account with this newly installed Chrome and after a short while the requests to my app started failing again!! So I took a deeper look at this (cleaning profile data from disk and redoing all the steps) and indeed it looks like the problem starts as soon as my account is synced with cloud!

Yes, I know it sounds dodgy. It sounds ridiculous. It sounds stupid. But I am almost sure that those two problems are somehow related (failing requests and account sync).

My idea is this: Chrome somehow remembered that I was using "lukasz/my-pass" with Basic Auth for certain services. After I switched to Digest Auth the same combination of credentials (lukasz/my-pass) is now acting funny. Perhaps under the hood Chrome still thinks that this is Basic Auth and cancels requests when it learns otherwise?

UPDATE: I've did some low level debugging with chrome://net-internals/ and it appears that the problem is while reading cache entry. This seems to prove my initial assumption. I did some investigation and found this article. Apparently always adding "Last-Modified" header to my http response has solved the issue in Chrome (I'm still having some problems in FF, but that's off topic). However, it still doesn't solve my issue entirely. Why the requests were failing in the first place?

ŁukaszBachman
  • 33,595
  • 11
  • 64
  • 74

1 Answers1

0

You could try using incognito mode and see what happens. It may give you some hints without having to clear the cache or re-installing Chrome.

Also take a look at How to clear basic authentication details in chrome

Community
  • 1
  • 1
Amitabh
  • 162
  • 9
  • Incognito behaves the same. – ŁukaszBachman May 22 '13 at 05:34
  • There's a command line switch for chromium to select the auth schemes. This may help testing. --auth-schemes : HTTP authentication schemes to enable. This is a comma-separated list of authentication schemes (basic, digest, ntlm, and negotiate). By default all schemes are enabled. The primary use of this command line flag is to help triage authentication-related issues reported by end-users. – Amitabh May 29 '13 at 19:00
  • Yes, I have tried that. Nothing has changed. I've used only digest option in this argument, to make sure that proper scheme is always chose. – ŁukaszBachman May 30 '13 at 20:12