W3C home > Mailing lists > Public > ietf-http-wg-old@w3.org > January to April 1997

Re: HTTP/1.1 issue: Proxy-Authorization

From: <wyllys@reston.ans.net>
Date: Fri, 14 Mar 1997 11:23:28 -0500 (EST)
Message-Id: <199703141620.AA06897@interlock.reston.ans.net>
To: Dave Kristol <dmk@research.bell-labs.com>
Cc: http-wg@cuckoo.hpl.hp.com

I beleive that UA's are supposed to send it every time as long
as it is going through the same proxy.

MSIE has at least one bug relating to the Proxy-Authorization
where it does not send it in some circumstances.  There
may be others.

For example: If you have never "proxy-authenticated" previously and 
you request a non-HTTP URL, if the proxy responds asking
for Proxy-Authorization MSIE 3.01 will not respond at all.
This bug is known by MS (I spoke with them just the other day)
and should be fixed in the next release.

The whole benefit of Proxy-Auth would be lost if it was only
sent once and never again.  Users would be constantly 
bombarded with requests to re-authenticate every time a 
URL request was made to the proxy unless the proxy somehow
maintained some sort of state between connections and knew
how to associate old authorization credentials with each new
request.

-- 
 Wyllys Ingersoll                    
 ANS Communications
 Reston, VA

> 
> An application I'm working on depends on a user agent's sending the
> Proxy-Authorization header to a proxy every time once authentication
> has been requested (and is successful).  Netscape does so; MSIE 3.01
> does not.
> 
> The HTTP/1.1 spec. is silent about whether a UA must send the header
> every time.  I would like to know what the intended behavior is.  If
> "every time" is the intended behavior, the spec. needs to be
> clarified.
> 
> Dave Kristol
> 
> 
Received on Friday, 14 March 1997 08:25:44 EST

This archive was generated by hypermail pre-2.1.9 : Wednesday, 24 September 2003 06:32:31 EDT