Re: Python Requests logging 401 immediately before 200

Fri, 20 Feb 2015 09:42:01 -0800 

On Friday, February 20, 2015 at 12:31:00 PM UTC-5, Chris Angelico wrote:
> On Sat, Feb 21, 2015 at 4:16 AM, Zach Dunlap <zrdun...@gmail.com> wrote:
> > INFO:requests.packages.urllib3.connectionpool:Starting new HTTP connection 
> > (1): localhost
> > DEBUG:requests.packages.urllib3.connectionpool:"GET 
> > /v1/documents?uri=000248e4331d4db5856df8fd427b3cdb.xml HTTP/1.1" 401 211
> > DEBUG:requests.packages.urllib3.connectionpool:"GET 
> > /v1/documents?uri=000248e4331d4db5856df8fd427b3cdb.xml HTTP/1.1" 200 18327
> >
> > As you can see the 400 and the 200 are the same document (only 1 can exist 
> > in ML with the same URI) and in MarkLogic's logs both are executed at the 
> > same time.
> >
> > Is this something I should be concerned about and should fix or is it just 
> > the log level I have set or something else I shouldn't worry about?
> >
> > r = 
> > requests.get('http://localhost:8004/v1/documents?uri=000248e4331d4db5856df8fd427b3cdb.xml',auth=HTTPDigestAuth('USER',
> >  'PASSWORD'))
> >
> 
> Short explanation: It's part of the protocol.
> 
> You're using Digest Auth, so what's happening here is that a request
> is sent without the authentication, and the inevitable 401 response is
> the signal that the request should be re-sent with credentials.
> 
> There's a massive debate as to whether or not it's correct to send
> unsolicited credentials. On the one hand, this "401 then 200" pattern
> takes extra internet round-trips (not that that's a big deal with
> localhost, but it's the same issue everywhere) and puts extra load on
> both server and client; but on the other hand, nobody wants their
> credentials sent to the wrong server, and it's not always easy to tell
> when they'll be needed. Without the 401, you can't know whether or not
> you need to authenticate, so if once you start sending unsolicited
> credentials, you basically have to keep on doing so.
> 
> If you don't have a problem with performance or latency, then consider
> this to be nothing more than a bit of log file spam. I'm not sure if
> the Python requests module can be easily configured to send
> credentials on the first query, but my advice is: don't even bother
> looking into that unless you have need to.
> 
> All the best!
> 
> ChrisA

Thanks very much for this it's extremely helpful! This clears it up and I think 
I will ignore it as log spam as you suggest.
-- 
https://mail.python.org/mailman/listinfo/python-list

Reply via email to