diff --git a/content/fetch.c b/content/fetch.c
index 85e6f00f2..a5673a08c 100644
--- a/content/fetch.c
+++ b/content/fetch.c
@@ -558,7 +558,7 @@ bool fetch_process_headers(struct fetch *f)
 
         /* handle HTTP 401 (Authentication errors) */
         if (http_code == 401) {
-                f->callback(FETCH_AUTH, f->p, xstrdup(f->realm),0);
+                f->callback(FETCH_AUTH, f->p, f->realm,0);
                 return true;
         }
 
diff --git a/desktop/loginlist.c b/desktop/loginlist.c
index 9089ae287..639865a7b 100644
--- a/desktop/loginlist.c
+++ b/desktop/loginlist.c
@@ -5,7 +5,7 @@
  * Copyright 2003 John M Bell <jmb202@ecs.soton.ac.uk>
  */
 
-//#define NDEBUG
+#define NDEBUG
 
 #include <assert.h>
 #include <string.h>
@@ -67,6 +67,7 @@ struct login *login_list_get(char *host) {
   struct login *nli;
   char *temp, *temphost;
   char *i;
+  int reached_scheme = 0;
 
   if (host == NULL)
     return NULL;
@@ -74,8 +75,10 @@ struct login *login_list_get(char *host) {
   temphost = get_host_from_url(host);
   temp = xstrdup(host);
 
+  /* Smallest thing to check for is the scheme + host name + trailing '/'
+   * So make sure we've got that at least
+   */
   if (strlen(temphost) > strlen(temp)) {
-    LOG(("here"));
     temp = get_host_from_url(host);
   }
 
@@ -86,7 +89,7 @@ struct login *login_list_get(char *host) {
    * This allows multiple realms (and login details) per host.
    * Only one set of login details per realm are allowed.
    */
-   do {
+  do {
 
     LOG(("%s, %d", temp, strlen(temp)));
 
@@ -94,25 +97,26 @@ struct login *login_list_get(char *host) {
                                 (strcasecmp(nli->host, temp)!=0);
          nli = nli->next) ;
 
-    if (temp[strlen(temp)-1] == '/') {
-      temp[strlen(temp)-1] = 0;
-    }
-
-    i = strrchr(temp, '/');
-
-    if (temp[(i-temp)-1] != '/') /* reached the scheme? */
-      temp[(i-temp)+1] = 0;
-    else {
-      xfree(temphost);
-      return NULL;
-    }
-
     if (nli != loginlist) {
       LOG(("Got %s", nli->host));
       xfree(temphost);
       return nli;
     }
-  } while (strcasecmp(temp, temphost) != 0);
+    else {
+
+      if (temp[strlen(temp)-1] == '/') {
+        temp[strlen(temp)-1] = 0;
+      }
+
+      i = strrchr(temp, '/');
+
+      if (temp[(i-temp)-1] != '/') /* reached the scheme? */
+        temp[(i-temp)+1] = 0;
+      else {
+        reached_scheme = 1;
+      }
+    }
+  } while (reached_scheme == 0);
 
   xfree(temphost);
   return NULL;
diff --git a/riscos/401login.c b/riscos/401login.c
index 81f4ba75e..8613425c1 100644
--- a/riscos/401login.c
+++ b/riscos/401login.c
@@ -84,7 +84,7 @@ void ro_gui_401login_open(char *host, char* realm, char *fetchurl)
 	dialog_401->icons[ICON_401LOGIN_HOST].data.indirected_text.size =
 		strlen(host) + 1;
 	dialog_401->icons[ICON_401LOGIN_REALM].data.indirected_text.text =
-		realm;
+		xstrdup(realm);
 	dialog_401->icons[ICON_401LOGIN_REALM].data.indirected_text.size =
 		strlen(realm) + 1;
 	dialog_401->icons[ICON_401LOGIN_USERNAME].data.indirected_text.text =