Hi, Maybe I misconfigured something but I found a very strange behaviour with Digest and squid 3.2. The problem is When a user is connected with his good login/password and he close and reopen his navigator, he can change his login by another ID with nonce valid (even without password !)
For example: 1) One user logged with foo -> nonce valid 2) One user logged with jdoe -> nonce valid 3) User one close/open his firefox and write jdoe without password (or bad password no matter) 4) User one become also jdoe in log, acl, dansguardian, etc There is no link between nonce and login in squid ? With tcpdump I can see my new "ID" in Firefox Digest username="jdoe", realm="TEST", nonce="CzFwT1jv1AjDi6Uq" Fred
