Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

Safari 5.1 and HTTP basic access authentication not working

After upgrading to Mac OS X Lion, Safari 5.1 appears to not behave correctly with HTTP basic access authentication and server page redirects. Safari 5.1 is prompting for the username and password again on pages protected by HTTP basic access authentication, but only if those pages are the result of the server sending a 301 or 302 header to redirect to that page. Previous versions of Safari, and all othe current web browsers, do not prompt for the password again. I have confirmed this problem on three separate Macs running Safari 5.1.


A sample workflow:


  1. In Safari 5.1, visit a web site with HTTP basic access authentication in place
    HTTP basic access authentication can be configured on an Apache web server using directives such as "AuthType Basic" and "Require valid-user" either within the main server's configuration or inside a .htaccess file. It's typically used in conjunction with a .htpasswd file.
  2. Safari presents a sheet window asking for a username and password
    This only appears if it's the first time visiting the site since opening Safari. Log in with the username and password, click "Log in," and the page loads.
  3. Click a link to a regular page on the site
    The page loads. There's no re-entry of username and password required as expected.
  4. Click a link to a page that sends a 301 or 302 "moved" header to redirect the browser to another page
    The sheet window appears in Safari asking for the username and password again.


This behavior is incorrect.


For reference, Safari's "AutoFill web forms" is checked in the Preferences window; however, I do not check the "Remember this password in my keychain" checkbox in the sheet window Safari produces to enter the username and password for HTTP basic access authentication.


Oddly, a lot of my day-to-day web development has this scenario which renders Safari 5.1 unusable at this time. I have been unable to find anyone else mentioning this issue.


Has anyone else also noticed this?

Safari-OTHER, Mac OS X (10.7)

Posted on Aug 19, 2011 11:14 AM

Reply
31 replies

Aug 26, 2011 11:13 AM in response to Enjolras

Enjolras


I was having the same issue with Safari 5.1 update on Snow Leopard, oddly I did not have this issue on a Lion upgrade from SL on my MBP.


I was able to resolve the issue by unchecking "User names and passwords" in the Auto fill portion of Safari's preferences. Quiting Safari, and then opening Safari again and then checking the "User names and passwords" option. Returning to the authentication page resulted in my user names and passwords returning to their auto fill simplicity.


Results may very, but I hope this can help.


Nick

Sep 29, 2011 1:20 AM in response to Enjolras

Yep, having the exact same problem, and it's really annoying. Looking at the HTTP headers, it is definitely because of the 30x redirection. I've compared it against Firefox, and Safari is not sending the "Authorization: Basic" HTTP header with the authentication credentials in the GET directly after the 30x notification from the server. Because it's not getting the credentials, the server needs to get the client to reauthenticate. On normal GETs, Safari sends the Authorization header as expected. It only happens on a redirect.


I'm just wondering if it's related to this: http://lists.apple.com/archives/Webkitsdk-dev/2011/Mar/msg00006.html. Instead of fixing it, maybe they just stopped sending authorizations altogether on redirects.


I'm going to submit a bug report to Apple via the Safari "Report Bugs to Apple..." thingy. Fingers crossed it's fixed in an update shortly.

Oct 31, 2011 2:01 PM in response to dozy

First I Reset Safari, then close Safari then navigate to:


Home/Library/Preferences and look for and then remove


com.apple.Safari.plist

com.apple.Safari.RSS.plist


Also:


Home/Library/Safari/ folder and remove the following two files:


history.plist

lastsession.plist


And


Go to Home/Library/Caches/Metadata/Safari/ and remove the contents of that folder.


(These are just webhistory files and are not required for Safari to run. However, similar to preference files, problems can arise if they have become corrupt.)


Locate the cookies.plist file that's located in the Home/Library/Cookies/ folder and remove it.


They will all be recreated next time you launch Safari.

Safari 5.1 and HTTP basic access authentication not working

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple ID.