Closed Issue 56

[JLuboff]

Updated caveats to include section on user authentication with certain browsers that take more than one attempt to get user information. Included code to depict one potential work around.

[tokidoki11]

Seeing the code in your possible workaround In my case, I dont include next, I just leave it blank if req,connection.user is not there

If I include next, it may trigger error if you have any middleware depend on req.connection.user property quoting:

if option authoritative is not set to true, then the output is the same as authoritative except NodeSSPI will not write error message to response body, nor block the request, i.e. it will not call res.end(err). This allows the caller and downstream middleware to make decision.

I think by default it will send 401 error and then the browser will re-attemp the request