admin-bar shouldn't be served via /wp-admin
|Reported by:||robertaccettura||Owned by:|
Ideally the admin-bar shouldn't serve anything out of /wp-admin since some users .htaccess protect by IP or password. The chart however is. This is fine normally but since cookies don't abide by the same expiration policies as other security mechanisms you can end up with a password prompt on every page, or just a 403.
Ideally a php file in /wp-includes for the chart would be better.
Seeing this behavior in 3.1.