On Wed, 3 Mar 2004, berrabah abdelrani wrote: > We use Squid for authenticating users; Our purpose is > to force users to reauthenticate after each 1 hour;
This is not possible in HTTP. The problem is that the "authentication session" is within the browser, not the proxy. To the proxy the browser re-authenticates on each and every request. The reason why you do not see a login box all the time is because the browser caches the login+password and reuses the same on all future requests to the proxy. Some browsers have a idle timeout setting where they can forget the login if there has not been any activity for a certain period of time. Not all browsers have this, and the proxy have no control over how long this period is. > We have used authenticate_ttl This is not at all related to the question. Regards Henrik
