auth_digest_expires does not seem to work

[ninakka]

I am using nginx 1.21.3 and installed it from source compiling it with this module.

The authentication works in that it asks the user for username and password. But I do not see the expiry happening. I am able to access the website without login a long time after. I am using these settings.

                auth_digest_timeout 60s; # allow users to wait 1 minute between receiving the
                                         # challenge and hitting send in the browser dialog box
                auth_digest_expires 10s; # after a successful challenge/response, let the client
                                         # continue to use the same nonce for additional requests
                                         # for 10 seconds before generating a new challenge
                auth_digest_replays 2;   # also generate a new challenge if the client uses the
                                         # same nonce more than 20 times before the expire time limit

[erikdubbelboer]

Did you check the headers being sent? It's probably your browser caching the password and automatically authenticating again.