ons 2009-11-04 klockan 18:25 +0100 skrev NOGUES Jean-Marc (EURIWARE): > Hi, > > > I say "usually normal", because the client software should be aware of > > that requirement and send the auth for as many requests as needed in the > > > session. > > Sniffing between Squid and clients shows that clients never send auth > data within further requests in the session. Clients only send auth > data just after receiving an "HTTP/1.1 401 Unauthorized" from the > remote web server.
Negotiate (and NTLM) is connection oriented non-HTTP compliuant auth schemes (basic principle of HTTP messaging violated). Because of this aut credentials is only seen on the first request per TCP connection. Once auth have completed on that connection further requests on tha same connection looks like they are anonymous but they are in fact not... (auth silently inherited from the TCP connection). Regards Henrik
