Steps to reproduce
On accessing the site, the server (apache) issues a 401 and the standard pop-up/authentication succeeds.
Some time later, the user triggers js that:
Creates an XMLHttpRequest object
Initializes it for an async post
As seen in a wireshark trace (and with IE script debugging):
Normally, IE sends the cached credentials as Authorization, and the onreadystatechange function reaches 4 (DONE).
Sometimes, the server sends a 401, IE never responds. onreadystatechange only reaches 1. Eventually, the server closes the connection with a 408 (timeout).
However, the XMLHttpRequest never completes. It should re-send the request with the new digest, transparently to the js. One might understand if it completed with a 401 status. It does neither.
It appears that this happens when the server times out the Digest, and sends a 401 response, including “stale=true” in the challenge.
Once in this state, repeating the request produces the same hang (and another incomplete XMLHttpRequest).
Refreshing the page and immediately re-submitting the request authenticates properly.
Firefox behaves correctly.
XMLHttpRequest sends the Digest authenticator and completes.
Worst case, it reports an error status and completes.
Hanging forever is not expected (or acceptable).
Comments and activity
- Microsoft Edge Team
Changed Status to “Confirmed”
Changed Assigned To to “IPBS P.”
Changed Status from “Confirmed” to “Not reproducible”
Changed Assigned To from “IPBS P.” to “Venkat K.”
Changed Assigned To from “Venkat K.” to “Erik A.”