W3C home > Mailing lists > Public > ietf-http-wg@w3.org > October to December 2003

Re: Chained proxies, persistent connections, authentication

From: Patrick R. McManus <mcmanus@ducksong.com>
Date: Thu, 23 Oct 2003 10:36:18 -0400
To: Rob Maidment <rob.maidment@clearswift.com>
Cc: "'ietf-http-wg@w3.org'" <ietf-http-wg@w3.org>
Message-ID: <20031023143618.GA3490@ducksong.com>

[Rob Maidment: Oct 23 15:31]
> 
> I am currently investigating a problem that occurs in this type of scenario:
> 
> browser -> proxy1 -> proxy2 -> server
> 
> Proxy1 is actually a Squid proxy, it is passing though the end-user
> authentication to proxy2.  The problem occurs because proxy1 is reusing
> connections to proxy2 for requests from different users, but proxy2 is only
> authenticating the first request on each new connection.  This means that
> subsequent requests are not being authenticated, and these requests are
> being treated as if they originated from the first user to use the
> connection.  
> 
> Which proxy is at fault?  I understood that one of the intended benefits of
> persistent connections was that a proxy would only have to authenticate the
> first request on each connection, which is a huge performance benefit.  

proxy2 is at fauilt. HTTP transactions are stateless.
Received on Thursday, 23 October 2003 10:36:02 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 27 April 2012 06:49:25 GMT