I've run into a interesting little shortcoming with HttpClient, and would like to know if someone is working on a solution.
When a browser goes to a site that requires Basic Authentication, it will make a request (GET /), get a 401 response with a realm attached, and prompt the user for a username and password for that realm. After getting the username/password, it fills in the appropriate header with that information, and makes the request again, gets the 200 response, and presumably all the data for the page. Now, on subsequent visits to the same site, it appears (from server logs) that the browser fills in the Authentication header for each request, in a kind of pre-emptive strike. That way, the browser and server don't have to do the request-401-auth-200 dance every single time. It appears that HttpClient doesn't do this process exactly like a browser. Every single Method that is execute()'d will send out the initial request without Authentication, get the 401, and then send the request again with authentication information attached. This is not normally a problem, or even noticable. My problem is that I'm doing an HTTP POST with a good amount of data. This data is being sent down the wire twice for every Method.execute() that I'm calling. I'm on DSL, so it's not too bad, but for large payloads or slow connections, it's IMHO unacceptable. I'm considering modifying HttpState and HttpMethodBase to act more like a browser... make HttpState store not only the realm, but also the url of the site that requires authentication, and then make HttpMethodBase fill in that information if it matches for every request after the first successful one. Is anyone else working on this, or have any input on a specific approach to this problem? Any things I should look out for? Does anyone have any idea what I'm talking about? ;) And, once I've finished this, and gotten it working, what should I do with it? Just send a patch to this list? Thanks for reading this far. matt __________________________________________________ Do You Yahoo!? Send FREE video emails in Yahoo! Mail! http://promo.yahoo.com/videomail/ -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
