identify manager prompting for authentication of unsecured service

Discussion created by zconlen on Jul 8, 2013
I'm experiencing an odd bug with my application. The app uses a webmap with an unsecured map service. The app also includes a secured feature service of a table which is not part of the webmap. The feature service is used for custom attribute editing and attachment uploading. Everything works as expected to start. No prompt for authentication initially, because the feature service is not part of the webmap. When a user attempts to do an edit task, they are prompted for authentication to the feature service as expected. If they provide the proper user and password all is well; the app works as expected. If, they cancel out of the identity manager, they are denied access to the editing interface as expected, but the next time they click a feature to get a popup, the identity manager dialog appears and the user is promped to authenticate for each layer in the unsecured map service.

Here is a screenshot. The service called COB_Utilities/SewerPipes is not secured.

Using fiddler I can see that once the user has successfully authenticated to the secure feature service, all identify/query requests appear to append a token, even though the service they are requesting from is unsecured.  No clue why this would hapen. Any ideas?

Using jsapi 2.8.