----- Original Message ----- From: "Henrik Nordstrom" <[EMAIL PROTECTED]>
To: "Steven Wilton" <[EMAIL PROTECTED]> Cc: <[email protected]> Sent: Saturday, April 15, 2006 11:15 PM Subject: Re: problems with the squid-2.5 connection pinning
lör 2006-04-15 klockan 09:10 +0800 skrev Steven Wilton:Having seen your patch, I've added the Proxy-Support: headers, and alsoadded a "pinning" flag to the request->flags struct to allow identificationof a pinned connection.Looking at your patch I think you got the logics slightly wrong when adding the flag. Pinning is a property of the connections, not the individual requests. From the point where the server connection has indicated use of Microsoft authentication scheme the server-side connection should be exclusively reserved for the specific client connection, and requests from the same client connection should be handled both as pinned looking for a matching reserved server connection and as authenticated even if there is no Authorize header (Microsoft authentication only sends Authorize headers on the first request on the connection, subsequent requests automatically inherit the same credentials)
Thanks for pointing this out. I've updated the pinning patch to fix this problem, and tested on my home connection. I can confirm that it works for a simple http GET command, and I'll do further testing and update this list with the results using frontpage (which uses a variety of other http methods to transfer data).
Due to other changes in the squid source, I needed to set the "must_keepalive" flag on the request to stop squid from closing the client-side connection, and I also had to remove the "Connection: Proxy-support" header from being sent back to the client (this caused IE to get really confused).
regards Steven
pinning.patch
Description: Binary data
