[
https://issues.apache.org/jira/browse/TS-1491?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13481878#comment-13481878
]
Leif Hedstrom edited comment on TS-1491 at 10/22/12 10:34 PM:
--------------------------------------------------------------
I must be missing something, but should it not be something like:
{code}
diff --git a/proxy/http/HttpSM.cc b/proxy/http/HttpSM.cc
index fbafa0e..0b6e92e 100644
--- a/proxy/http/HttpSM.cc
+++ b/proxy/http/HttpSM.cc
@@ -4372,10 +4372,9 @@ HttpSM::do_http_server_open(bool raw)
// gets to us, we should open a new connection for POST. I believe TS used
// to do this but as far I can tell the code that prevented keep-alive if
// there is a request body has been removed.
if (raw == false && t_state.txn_conf->share_server_sessions &&
(t_state.txn_conf->keep_alive_post_out == 1 ||
t_state.hdr_info.request_content_length == 0) &&
- ua_session != NULL) {
+ !is_private() && ua_session != NULL) {
shared_result = httpSessionManager.acquire_session(this, // state
machine
&t_state.current.server->addr.sa, // ip + port
t_state.current.server->name, // hostname
@@ -4402,7 +4401,7 @@ HttpSM::do_http_server_open(bool raw)
// This bug was due to when share_server_sessions is set to 0
// and we have keep-alive, we are trying to open a new server session
// when we already have an attached server session.
- else if ((!t_state.txn_conf->share_server_sessions) && (ua_session != NULL))
{
+ else if ((is_private() || !t_state.txn_conf->share_server_sessions) &&
(ua_session != NULL)) {
HttpServerSession *existing_ss = ua_session->get_server_session();
if (existing_ss) {
{code}
was (Author: zwoop):
I must be missing something, but should it not be something like:
{code{
diff --git a/proxy/http/HttpSM.cc b/proxy/http/HttpSM.cc
index fbafa0e..0b6e92e 100644
--- a/proxy/http/HttpSM.cc
+++ b/proxy/http/HttpSM.cc
@@ -4372,10 +4372,9 @@ HttpSM::do_http_server_open(bool raw)
// gets to us, we should open a new connection for POST. I believe TS used
// to do this but as far I can tell the code that prevented keep-alive if
// there is a request body has been removed.
if (raw == false && t_state.txn_conf->share_server_sessions &&
(t_state.txn_conf->keep_alive_post_out == 1 ||
t_state.hdr_info.request_content_length == 0) &&
- ua_session != NULL) {
+ !is_private() && ua_session != NULL) {
shared_result = httpSessionManager.acquire_session(this, // state
machine
&t_state.current.server->addr.sa, // ip + port
t_state.current.server->name, // hostname
@@ -4402,7 +4401,7 @@ HttpSM::do_http_server_open(bool raw)
// This bug was due to when share_server_sessions is set to 0
// and we have keep-alive, we are trying to open a new server session
// when we already have an attached server session.
- else if ((!t_state.txn_conf->share_server_sessions) && (ua_session != NULL))
{
+ else if ((is_private() || !t_state.txn_conf->share_server_sessions) &&
(ua_session != NULL)) {
HttpServerSession *existing_ss = ua_session->get_server_session();
if (existing_ss) {
{code}
> Browser always prompts for authentication (NTLM)
> ------------------------------------------------
>
> Key: TS-1491
> URL: https://issues.apache.org/jira/browse/TS-1491
> Project: Traffic Server
> Issue Type: Bug
> Components: Core
> Reporter: Yakov Kopel
> Assignee: Leif Hedstrom
> Fix For: 3.2.3
>
> Attachments: diff.patch
>
> Original Estimate: 1h
> Remaining Estimate: 1h
>
> When the client surf through the ATS to a site of SharedPoint, the user get
> NTLM prompt message again and again.
> This is because of the reuse option that is turned on by default (u can turn
> it off with the proxy.config.http.share_server_sessions option).
> My attached patch turns on the private_session flag when the ATS gets auth
> connection, and then it will not use the reuse option for this connection.
> ----
> For further reading on this global bug in proxies:
> http://blogs.msdn.com/b/asiatech/archive/2012/03/28/ie-always-prompts-for-authentication-when-browsing-through-proxy-server.aspx
> Microsoft recommend at
> (http://technet.microsoft.com/en-us/library/cc995189.aspx):
> “we recommend that you use SSL encryption for the traffic between Forefront
> TMG and the client. NTLM authentication is per connection, and encryption
> prevents improper reuse of connections by legacy proxy devices on the
> Internet.”
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
