When there are multiple HTTP requests in flight with the same bad credentials (common with proxy auth if the user mistyped their password), the first 407 that's received will cause the credentials to be purged and the password dialog to open for new credentials. This means that all 407's received after this should only purge the credentials if they have not already been updated from the dialog; otherwise they will be wiping out credentials that haven't failed yet.
Created attachment 201852 [details] fix
Comment on attachment 201852 [details] fix Looks good.
Comment on attachment 201852 [details] fix Clearing flags on attachment: 201852 Committed r150147: <http://trac.webkit.org/changeset/150147>
All reviewed patches have been landed. Closing bug.