Invalidate credentials if the server rejects them.

net/http/http_auth_handler_basic.cc

Index: net/http/http_auth_handler_basic.cc
diff --git a/net/http/http_auth_handler_basic.cc b/net/http/http_auth_handler_basic.cc
index e48aa6761ebfc40c886513169e0f2c4b92429971..9ed28e2063297c119a647595e0086d9643e0af45 100644
--- a/net/http/http_auth_handler_basic.cc
+++ b/net/http/http_auth_handler_basic.cc
@@ -53,9 +53,20 @@ bool HttpAuthHandlerBasic::ParseChallenge(
 
 HttpAuth::AuthorizationResult HttpAuthHandlerBasic::HandleAnotherChallenge(
     HttpAuth::ChallengeTokenizer* challenge) {
-  // Basic authentication is always a single round, so any responses should
-  // be treated as a rejection.
-  return HttpAuth::AUTHORIZATION_RESULT_REJECT;
+  // Basic authentication is always a single round, so any responses
+  // should be treated as a rejection.  However, if the new challenge
+  // is for a different realm, then indicate the realm change.
+  HttpUtil::NameValuePairsIterator parameters = challenge->param_pairs();
+  std::string realm;
+  while (parameters.GetNext()) {
+    if (LowerCaseEqualsASCII(parameters.name(), "realm")) {
+      realm = parameters.value();
+      break;
+    }
+  }
+  return (realm_ != realm)?
+      HttpAuth::AUTHORIZATION_RESULT_DIFFERENT_REALM:
+      HttpAuth::AUTHORIZATION_RESULT_REJECT;
 }
 
 int HttpAuthHandlerBasic::GenerateAuthTokenImpl(