- From: Henrik Nordström <henrik@henriknordstrom.net>
- Date: Tue, 04 May 2010 01:05:22 +0200
- To: Mark Pauley <mpauley@apple.com>
- Cc: ietf-http-wg@w3.org
ons 2010-03-31 klockan 15:59 -0700 skrev Mark Pauley: > In the end, the only time CFNetwork zeroes out the POST's length is in > the case that we've already gotten a 4xx, and we are starting the NTLM > auth dance, because there is no way that NTLM can just decide to not > give us a 4xx once we give it the NTLM initiation in response to the > initial 4xx. There is. Any proxy using IP based authentication cache as commonly used for cutting down the overhead of NTLM MAY consider the IP already authenticated in the middle of an NTLM handshake or any other time if the same IP is performing other concurrent requests. So your assumption above only holds true IFF you know for sure that this client station is only having this single TCP connection open to the proxy. Note: Some servers MAY also perform something similar, but for servers use of session cookies is more common than relying on the IP. Regards Henrik
Received on Monday, 3 May 2010 23:05:57 UTC