[ https://issues.apache.org/jira/browse/TS-1491?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13481878#comment-13481878 ]
Leif Hedstrom edited comment on TS-1491 at 10/22/12 10:34 PM: -------------------------------------------------------------- I must be missing something, but should it not be something like: {code} diff --git a/proxy/http/HttpSM.cc b/proxy/http/HttpSM.cc index fbafa0e..0b6e92e 100644 --- a/proxy/http/HttpSM.cc +++ b/proxy/http/HttpSM.cc @@ -4372,10 +4372,9 @@ HttpSM::do_http_server_open(bool raw) // gets to us, we should open a new connection for POST. I believe TS used // to do this but as far I can tell the code that prevented keep-alive if // there is a request body has been removed. if (raw == false && t_state.txn_conf->share_server_sessions && (t_state.txn_conf->keep_alive_post_out == 1 || t_state.hdr_info.request_content_length == 0) && - ua_session != NULL) { + !is_private() && ua_session != NULL) { shared_result = httpSessionManager.acquire_session(this, // state machine &t_state.current.server->addr.sa, // ip + port t_state.current.server->name, // hostname @@ -4402,7 +4401,7 @@ HttpSM::do_http_server_open(bool raw) // This bug was due to when share_server_sessions is set to 0 // and we have keep-alive, we are trying to open a new server session // when we already have an attached server session. - else if ((!t_state.txn_conf->share_server_sessions) && (ua_session != NULL)) { + else if ((is_private() || !t_state.txn_conf->share_server_sessions) && (ua_session != NULL)) { HttpServerSession *existing_ss = ua_session->get_server_session(); if (existing_ss) { {code} was (Author: zwoop): I must be missing something, but should it not be something like: {code{ diff --git a/proxy/http/HttpSM.cc b/proxy/http/HttpSM.cc index fbafa0e..0b6e92e 100644 --- a/proxy/http/HttpSM.cc +++ b/proxy/http/HttpSM.cc @@ -4372,10 +4372,9 @@ HttpSM::do_http_server_open(bool raw) // gets to us, we should open a new connection for POST. I believe TS used // to do this but as far I can tell the code that prevented keep-alive if // there is a request body has been removed. if (raw == false && t_state.txn_conf->share_server_sessions && (t_state.txn_conf->keep_alive_post_out == 1 || t_state.hdr_info.request_content_length == 0) && - ua_session != NULL) { + !is_private() && ua_session != NULL) { shared_result = httpSessionManager.acquire_session(this, // state machine &t_state.current.server->addr.sa, // ip + port t_state.current.server->name, // hostname @@ -4402,7 +4401,7 @@ HttpSM::do_http_server_open(bool raw) // This bug was due to when share_server_sessions is set to 0 // and we have keep-alive, we are trying to open a new server session // when we already have an attached server session. - else if ((!t_state.txn_conf->share_server_sessions) && (ua_session != NULL)) { + else if ((is_private() || !t_state.txn_conf->share_server_sessions) && (ua_session != NULL)) { HttpServerSession *existing_ss = ua_session->get_server_session(); if (existing_ss) { {code} > Browser always prompts for authentication (NTLM) > ------------------------------------------------ > > Key: TS-1491 > URL: https://issues.apache.org/jira/browse/TS-1491 > Project: Traffic Server > Issue Type: Bug > Components: Core > Reporter: Yakov Kopel > Assignee: Leif Hedstrom > Fix For: 3.2.3 > > Attachments: diff.patch > > Original Estimate: 1h > Remaining Estimate: 1h > > When the client surf through the ATS to a site of SharedPoint, the user get > NTLM prompt message again and again. > This is because of the reuse option that is turned on by default (u can turn > it off with the proxy.config.http.share_server_sessions option). > My attached patch turns on the private_session flag when the ATS gets auth > connection, and then it will not use the reuse option for this connection. > ---- > For further reading on this global bug in proxies: > http://blogs.msdn.com/b/asiatech/archive/2012/03/28/ie-always-prompts-for-authentication-when-browsing-through-proxy-server.aspx > Microsoft recommend at > (http://technet.microsoft.com/en-us/library/cc995189.aspx): > “we recommend that you use SSL encryption for the traffic between Forefront > TMG and the client. NTLM authentication is per connection, and encryption > prevents improper reuse of connections by legacy proxy devices on the > Internet.” -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira