Comment 10 for bug 595551

regarding the last sentence, this seems to be correct insofar that the user/pass which is stored in memory by the first url is not correct for the second. However, this means that the credentials from the url aren't used (as I also experienced with the user@domain urls). Also, the username from the url doesn't get pushed to the password-dialog.