Friday, November 13, 2009

TortoiseSVN no longer remembers password

In my workplace, we've been plagued with this issue since switching from http to https (maybe a year ago). At least, I think that's when it started. Whatever the reason, TortoiseSVN constantly forgets my svn credentials. I want to get to the bottom of why.

Here is the interesting bit - it can't really be tortoise' fault, as it clearly still knows the password based on the following behavior:

After it prompts you for the password that you had it remembering (that you had told it to remember previously), if you hit cancel and try your commit again, it won't prompt and it will work. Clearly the credentials remain stored, but some client/server interaction causes it to fail to authenticate sometimes. This happens very frequently. Most of us don't even bother checking the box anymore. (which would be a better practice from a security standpoint, but we all have our faults)

The moving parts:
  • Subversion 1.5.x Server
  • Apache 2.x
  • TortoiseSVN (1.5.x)
  • Active Directory (our authentication is against our standard AD credentials)
I am sure there is a solution out there. I will keep this post updated as I progress...


  1. Hi, I read this article from a google search.

    I'm facing the similar problem.

    Did you find and solution yet?


  2. I did eventually resolve the problem when I upgraded our Subversion server to 1.6.11, coupled with Apache 2.2.15 (on windows). Clients were upgraded to a comparable release of Tortoise. Note that with Svn 1.5 the mod_svn modules are compiled against apache 2.0.x, so this was more than a minor version bump as configs in 2.0 aren't necessary 2.2 compatible.

    The problem went away at that point. Most likely it was an apache thing, but I cannot say definitively. Maybe post a question at with all of your server info? (svn, apache, platform of the server, additional details like if you are using HTTPS and active directory) Or reply again with more details here.

    When upgrading to Apache 2.2, I did only the minimum configuration to get our HTTPS and Active Directory auth working - I did not carry over the Apache 2.0 configs, as lots of module names changed.