> When a browser goes to a site that requires Basic Authentication, it > will make a request (GET /), get a 401 response with a realm > attached, and prompt the user for a username and password for that > realm. After getting the username/password, it fills in the > appropriate header with that information, and makes the request > again, gets the 200 response, and presumably all the data for the > page. > > Now, on subsequent visits to the same site, it appears (from server > logs) that the browser fills in the Authentication header for each > request, in a kind of pre-emptive strike. That way, the browser and > server don't have to do the request-401-auth-200 dance every single > time. > > It appears that HttpClient doesn't do this process exactly like a > browser. Every single Method that is execute()'d will send out the > initial request without Authentication, get the 401, and then send > the request again with authentication information attached. > > This is not normally a problem, or even noticable. > > My problem is that I'm doing an HTTP POST with a good amount of data. > This data is being sent down the wire twice for every > Method.execute() that I'm calling. I'm on DSL, so it's not too bad, > but for large payloads or slow connections, it's IMHO unacceptable. > > I'm considering modifying HttpState and HttpMethodBase to act more > like a browser... make HttpState store not only the realm, but also > the url of the site that requires authentication, and then make > HttpMethodBase fill in that information if it matches for every > request after the first successful one. > > Is anyone else working on this, or have any input on a specific > approach to this problem? Any things I should look out for? Does > anyone have any idea what I'm talking about? ;)
I would just consider using some data structure that allows the HttpClient user to specify the size of this cache, although I would imagine the cache of URLs that require authentication would always be pretty small. > And, once I've finished this, and gotten it working, what should I do > with it? Just send a patch to this list? It seems that that's the thing to do, yes. Otis _________________________________________________________________ iVillage.com: Solutions for Your Life Check out the most exciting women's community on the Web http://www.ivillage.com -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
