diff --git a/dlls/wininet/http.c b/dlls/wininet/http.c
index ad01420d453..5844a7c7d69 100644
--- a/dlls/wininet/http.c
+++ b/dlls/wininet/http.c
@@ -853,7 +853,7 @@ static void destroy_authinfo( struct HttpAuthInfo *authinfo )
     heap_free(authinfo);
 }
 
-static UINT retrieve_cached_basic_authorization(const WCHAR *host, const WCHAR *realm, char **auth_data)
+static UINT retrieve_cached_basic_authorization(http_request_t *req, const WCHAR *host, const WCHAR *realm, char **auth_data)
 {
     basicAuthorizationData *ad;
     UINT rc = 0;
@@ -865,10 +865,24 @@ static UINT retrieve_cached_basic_authorization(const WCHAR *host, const WCHAR *
     {
         if (!strcmpiW(host, ad->host) && (!realm || !strcmpW(realm, ad->realm)))
         {
+            char *colon;
+            DWORD length;
+
             TRACE("Authorization found in cache\n");
             *auth_data = heap_alloc(ad->authorizationLen);
             memcpy(*auth_data,ad->authorization,ad->authorizationLen);
             rc = ad->authorizationLen;
+
+            /* update session username and password to reflect current credentials */
+            colon = strchr(ad->authorization, ':');
+            length = colon - ad->authorization;
+
+            heap_free(req->session->userName);
+            heap_free(req->session->password);
+
+            req->session->userName = heap_strndupAtoW(ad->authorization, length, &length);
+            length++;
+            req->session->password = heap_strndupAtoW(&ad->authorization[length], ad->authorizationLen - length, &length);
             break;
         }
     }
@@ -1144,7 +1158,7 @@ static BOOL HTTP_DoAuthorization( http_request_t *request, LPCWSTR pszAuthValue,
         if (!domain_and_username)
         {
             if (host && szRealm)
-                auth_data_len = retrieve_cached_basic_authorization(host, szRealm,&auth_data);
+                auth_data_len = retrieve_cached_basic_authorization(request, host, szRealm,&auth_data);
             if (auth_data_len == 0)
             {
                 heap_free(szRealm);
@@ -1660,7 +1674,7 @@ static BOOL HTTP_InsertAuthorization( http_request_t *request, struct HttpAuthIn
         UINT data_len;
         char *data;
 
-        if ((data_len = retrieve_cached_basic_authorization(host, NULL, &data)))
+        if ((data_len = retrieve_cached_basic_authorization(request, host, NULL, &data)))
         {
             TRACE("Found cached basic authorization for %s\n", debugstr_w(host));
 
diff --git a/dlls/wininet/tests/http.c b/dlls/wininet/tests/http.c
index 80d2aad9f41..b61d5c7030d 100644
--- a/dlls/wininet/tests/http.c
+++ b/dlls/wininet/tests/http.c
@@ -4481,15 +4481,15 @@ static void test_basic_auth_credentials_reuse(int port)
     SetLastError(0xdeadbeef);
     ret = InternetQueryOptionA(req, INTERNET_OPTION_USERNAME, buffer, &size);
     ok(ret, "unexpected failure %u\n", GetLastError());
-    todo_wine ok(!strcmp(buffer, "user"), "got %s\n", buffer);
-    todo_wine ok(size == 4, "got %u\n", size);
+    ok(!strcmp(buffer, "user"), "got %s\n", buffer);
+    ok(size == 4, "got %u\n", size);
 
     size = sizeof(buffer);
     SetLastError(0xdeadbeef);
     ret = InternetQueryOptionA(req, INTERNET_OPTION_PASSWORD, buffer, &size);
     ok(ret, "unexpected failure %u\n", GetLastError());
-    todo_wine ok(!strcmp(buffer, "pwd"), "got %s\n", buffer);
-    todo_wine ok(size == 3, "got %u\n", size);
+    ok(!strcmp(buffer, "pwd"), "got %s\n", buffer);
+    ok(size == 3, "got %u\n", size);
 
     status = 0xdeadbeef;
     size = sizeof(status);