Re: [squid-users] force periodic authentication in squid 2.5

From: Henrik Nordstrom <hno@dont-contact.us>
Date: 16 Apr 2003 16:30:30 +0200

tis 2003-04-15 klockan 19.37 skrev Sean Shannon:
> Hi,
> This seems like a very basic configuration issue, but I have been unable to
> find an answer
> within the FAQ or numerous google searches.

This is because there is no good answer to this seemingly basic
question, and as described below the problem is not actually a Squid
problem but a more generic one relating to the HTTP protocol.

> I would like to configure squid to re-authenticate (deny a request to force
> the browser to ask for ID and password), if 15 minutes have passed since their
> last request. (IOW: someone logged in, used the Internet, and walked
> away without shutting down the browser)

Then you need to configure your browser to have this timeout. There is
nothing Squid can do about this.

Fact: Squid asks for authentication on each and every request. There is
no such thing as "login" or "logout" in HTTP, and authentication happens
per request.

The only reason why you do not see the login box all the time is because
your browser caches the login+password in memory, for as long as the
browser sees fit. The HTTP standard recommends such caching for very
obvious reasons (would not be possible to browse otherwise), but do not
put a limit on how long this should be cached and this detail is left up
to the implementation of the browser.

> I've looked at the various time-to-live settings in squid.conf but I think
> things have changed between versions.

The time-to-live settings does not apply to the question. It only
applies to how long Squid internally caches that the login+password is
indeed valid without having to verify this with the authentication
helper on each and every request.

Regards
Henrik

-- 
Free Squid-users support provided by Henrik Nordström <hno@squid-cache.org>
Donations welcome if you consider my Free Squid support helpful.
https://www.paypal.com/xclick/business=hno%40squid-cache.org
If you need commercial Squid support or cost effective Squid and
firewall appliances please refer to MARA Systems AB, Sweden
http://www.marasystems.com/, info@marasystems.com
Received on Wed Apr 16 2003 - 08:30:57 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:15:00 MST