On mån, 2008-07-14 at 06:59 -0600, Russell Suter wrote:
> To me, the behavior is broken.
No.
> Either the single connection
> to the cache parent should provide the correct user
> credentials, or there should be one persistent connection per
> user.
Authentication in HTTP is per message, not per connection.
each message sent over the persistent connection includes the
authentication credentials for that message. The credentials on one
message MUST NOT have any implications on the following message.
If you don't beleive this fire up wireshark and look at the requests
sent to the parent by Squid.
The exception to this is the Microsoft authentication schemes which
violate the HTTP transport requirements completely by associating
authentication with hop-by-hop connections instead of end-to-end
messages..
> To have multiple requests from different users be
> represented by only one user is wrong...
Yes, but that's not Squid's fault in this case.
Regards
Henrik
Received on Tue Jul 15 2008 - 17:44:32 MDT
This archive was generated by hypermail 2.2.0 : Tue Jul 15 2008 - 12:00:04 MDT