On Wed, 3 Mar 2004, berrabah abdelrani wrote:
> We use Squid for authenticating users; Our purpose is
> to force users to reauthenticate after each 1 hour;
This is not possible in HTTP.
The problem is that the "authentication session" is within the browser,
not the proxy. To the proxy the browser re-authenticates on each and every
request. The reason why you do not see a login box all the time is because
the browser caches the login+password and reuses the same on all future
requests to the proxy.
Some browsers have a idle timeout setting where they can forget the login
if there has not been any activity for a certain period of time. Not all
browsers have this, and the proxy have no control over how long this
period is.
> We have used authenticate_ttl
This is not at all related to the question.
Regards
Henrik
Received on Wed Mar 03 2004 - 03:56:48 MST
This archive was generated by hypermail pre-2.1.9 : Thu Apr 01 2004 - 12:00:01 MST