Re: [squid-users] Squid Authing

From: Mark McCorkle <[email protected]>
Date: Fri, 08 Apr 2005 15:52:36 -0400

Henrik Nordstrom wrote:

> On Fri, 8 Apr 2005, Mark McCorkle wrote:
>
>> Here comes the tricky part. When squid_redirector.pl gets a request
>> that is flaged as a "brand new" session, it does the action I need it
>> to and then it clears the flag. Then, a user closes their browser
>> (which clears the http auth credentials on their side) and then 1
>> minute later opens up their browser again. Even though the browser
>> has to prompt them for their credentials again, I have no way to know
>> that the user closed their browser -- and if they are within their
>> "timeout" value, I have no way to let squid_redirector.pl know to do
>> his magic again.
>
>
> Unfortunately not possible to detect reliably within the HTTP
> protocol. There is no session in HTTP.
>
> If using Basic authentication then you can detect this by seeing a
> request without Proxy-Authentication from the users IP, at least if
> his browser is interactively prompting for the login+password. But
> there is also browsers sending requests without Proxy-Authentication
> sporadically during the session so it is not a very reliable method.
> You can match such requests using the req_hdr acl type or an external
> acl.
>
> If using NTLM then there is absolutely no difference at all at the
> proxy if the user continues using the same browser window or closes
> his browser and opens a new.
>
> Regards
> Henrik

Thanks Henrik. I was thinking I had just missed something, but it sounds
like I'm just seeing how things are.

Does anyone else on the list have a good work around they could
recommend? All I want to do is to have a specific action happen during
first time a new browser auths and asks for content from my squid
server. Any suggestions are welcome.

::Mark McCorkle
Received on Fri Apr 08 2005 - 12:56:12 MDT

This archive was generated by hypermail pre-2.1.9 : Sun May 01 2005 - 12:00:03 MDT