How to get wget to fail to fetch a password-protected URL after a previous success?

[guy keren]

use 'strace' to try to locate where it might be storing the credentials.

--guy

On 12/19/22 03:57, Omer Zak wrote:
> I am writing regression tests to test that a website continues to
> behave the same after moving to another host.
> 
> Among other things, I want to test that a password-protected area in
> the website continues to work as expected, protecting its contents.
> 
> I am trying to test as follows.
> 
> wget ...other options... URL
>              # no passwords - expected to fail
> wget --user=wrong --password=wrong ...other options... URL
>              # expected to fail
> wget --user=correct --password=correct ...other options... URL
>              # expected to succeed
> 
> However after 1st time the correct user+password are presented,
> subsequent wget's to the same URL do not fail.
> 
> I Googled but found nothing useful.
> My version of wget is: GNU Wget 1.21 built on linux-gnu.
> (there is more information, will be provided if relevant)
> 
> At the suggestion of:
> https://stackoverflow.com/questions/35076334/dd-wrt-wget-returns-a-cached-file
> I tried:
> wget -p --no-http-keep-alive --no-cache --no-cookies \
>          --user=whatever --password=whatever
>          --no-host-directories URL
> Even this did not fail.
> 
> There is no obvious place in the filesystem where wget might cache its
> credentials.
> 
> How can I get wget to fail to fetch a password-protected web resource
> (HTTP 403 Forbidden) after it succeeded in fetching the same resource
> previously?
> 
> Thanks,
> --- Omer Zak
> 
>