Re: [squid-users] authentication

From: Henrik Nordstrom <[email protected]>
Date: Wed, 3 Mar 2004 11:56:45 +0100 (CET)

On Wed, 3 Mar 2004, berrabah abdelrani wrote:

> We use Squid for authenticating users; Our purpose is
> to force users to reauthenticate after each 1 hour;

This is not possible in HTTP.

The problem is that the "authentication session" is within the browser,
not the proxy. To the proxy the browser re-authenticates on each and every
request. The reason why you do not see a login box all the time is because
the browser caches the login+password and reuses the same on all future
requests to the proxy.

Some browsers have a idle timeout setting where they can forget the login
if there has not been any activity for a certain period of time. Not all
browsers have this, and the proxy have no control over how long this
period is.

> We have used authenticate_ttl

This is not at all related to the question.

Regards
Henrik
Received on Wed Mar 03 2004 - 03:56:48 MST

This archive was generated by hypermail pre-2.1.9 : Thu Apr 01 2004 - 12:00:01 MST