Kovid, I suspect that the download is done by a different app than the browser, which causes the second auth request because the second app, perhaps the PDF reader, isn't sharing the authentication cookie. Further, the second app invalidates the original cookie. Assuming that iMumbles can support digest auth (not at all guaranteed), your fix should take care of the invalidated cookie but I think that the double auth will remain.
Kovid, I suspect that the download is done by a different app than the browser, which causes the second auth request because the second app, perhaps the PDF reader, isn't sharing the authentication cookie. Further, the second app invalidates the original cookie. Assuming that iMumbles can support digest auth (not at all guaranteed), your fix should take care of the invalidated cookie but I think that the double auth will remain.