Re: [squid-users] Squid Authing

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Fri, 8 Apr 2005 20:36:14 +0200 (CEST)

On Fri, 8 Apr 2005, Mark McCorkle wrote:

> Here comes the tricky part. When squid_redirector.pl gets a request that is
> flaged as a "brand new" session, it does the action I need it to and then it
> clears the flag. Then, a user closes their browser (which clears the http
> auth credentials on their side) and then 1 minute later opens up their
> browser again. Even though the browser has to prompt them for their
> credentials again, I have no way to know that the user closed their browser
> -- and if they are within their "timeout" value, I have no way to let
> squid_redirector.pl know to do his magic again.

Unfortunately not possible to detect reliably within the HTTP protocol.
There is no session in HTTP.

If using Basic authentication then you can detect this by seeing a request
without Proxy-Authentication from the users IP, at least if his browser is
interactively prompting for the login+password. But there is also browsers
sending requests without Proxy-Authentication sporadically during the
session so it is not a very reliable method. You can match such requests
using the req_hdr acl type or an external acl.

If using NTLM then there is absolutely no difference at all at the proxy
if the user continues using the same browser window or closes his browser
and opens a new.

Regards
Henrik
Received on Fri Apr 08 2005 - 12:36:16 MDT

This archive was generated by hypermail pre-2.1.9 : Sun May 01 2005 - 12:00:03 MDT