http://issues.apache.org/bugzilla/show_bug.cgi?id=29439

Credentials ignored if realm specified in preemptive authentication





------- Additional Comments From [EMAIL PROTECTED]  2004-06-09 09:18 -------
Ortwin,

As long as preemptive auth is irrelevant without a null realm, a warning 
message is a solution.
But I don't personally think it is defensive enough since it disables preemptive 
auth and it could result in large performance degradation since you have to 
repeat (multi-megabytes?) POST requests two times to get through. 

It can even not work at all when you expect preemptive auth to work in a load 
balanced web server environment (load balancing is not configured to maintain 
sessions). 

What happens is that the first request goes to server 1 and answer is 401 (with 
a session id cookie) and then the second request goes to another server 2 who 
accepts the credentials BUT refuses the session id (answer is 401 
invalid-session id!).

It may sound tricky, but actually happens!

So, since preemptive auth without a null realm is useless, would it be possible 
to assume null realms if auth is preemptive in: 
Credentials creds = (Credentials) map.get(entry)? 
Maybe using a Comparable interface on Credentials objects?
 
And BTW, thanks for your quick and efficient support,

Philippe
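
The lookup problem discussed in this comment, as an added example (not part of the original message and not HttpClient's own code): a simplified (host, realm) credential map in which a preemptive request, made before any 401 challenge has named a realm, looks up with a null realm. The class, method names, the host and the sample credentials are hypothetical, and the rule of falling back only when the host has a single entry is an assumption chosen so credentials are never sent on a guess between realms.

```java
import java.util.LinkedHashMap;
import java.util.Map;

/** Simplified model of a (host, realm) -> credentials map; hypothetical, not HttpClient classes. */
public class PreemptiveLookupDemo {
    /** Map key; a null realm means "any realm on this host". */
    record Scope(String host, String realm) {}

    private final Map<Scope, String> store = new LinkedHashMap<>();

    void setCredentials(String host, String realm, String userPass) {
        store.put(new Scope(host, realm), userPass);
    }

    /** Exact-match lookup: what a client can do once a 401 challenge has named the realm. */
    String lookupExact(String host, String realm) {
        return store.get(new Scope(host, realm));
    }

    /**
     * Preemptive lookup: no challenge seen yet, so the realm is unknown (null).
     * Try the null-realm entry first; otherwise use a realm-specific entry only
     * if the host has exactly one (assumed policy, see lead-in).
     */
    String lookupPreemptive(String host) {
        String creds = lookupExact(host, null);
        if (creds != null) return creds;
        String only = null;
        int matches = 0;
        for (Map.Entry<Scope, String> e : store.entrySet()) {
            if (host.equals(e.getKey().host())) {
                only = e.getValue();
                matches++;
            }
        }
        return matches == 1 ? only : null;
    }

    public static void main(String[] args) {
        PreemptiveLookupDemo state = new PreemptiveLookupDemo();
        state.setCredentials("app.example.org", "intranet", "user:pass"); // constructed sample
        // Reported behaviour: the null-realm lookup misses the realm-specific entry.
        System.out.println("exact, null realm: " + state.lookupExact("app.example.org", null));
        // With the fallback, the first request can already carry credentials.
        System.out.println("preemptive:        " + state.lookupPreemptive("app.example.org"));
        // A second realm on the same host makes the choice ambiguous: send nothing.
        state.setCredentials("app.example.org", "admin", "other:pass"); // constructed sample
        System.out.println("ambiguous host:    " + state.lookupPreemptive("app.example.org"));
    }
}
```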
