Hello Emmanuel, we finish implementing a solution on PHP script, getting
the TTL time < 0 on the cachemgr, and it work.
The problem is that the param --> auth_param basic credentialsttl 3
minutes, give this time (180 seconds), but if the user still navigating
on the site, this value
"Check TTL" is not renewing when the user is navigating, so if the user not aplly any click
on the page just when the counter "Check TTL" is 0, the user counter go to < 0.
It is posible introduce any param that tell to squid to renew the counter when
a user is betwen the credentialsttl time and still navigating ?
regards.
El 13/8/19 a las 12:33, FUSTE Emmanuel escribió:
Hello,
Le 13/08/2019 à 17:06, jmperrote a écrit :
Hello Emmanuel regards for your answer.
We need a solution that if the user do not nothing for about a period
of time, for security reason, the reverse proxy request again the
authentication, how can resolv that ?
You need to generate a failed auth to force client cache expiration/auth
popup.
So you need to manage your own intermediate cache/TTL in your PHP script.
Put squid credentialttl at 5 minute.
Squid will call your authenticator two times in ten minutes on an active
"session" but zero time on a stale one. Issue an auth fail the next time
even if the auth is ok in this case.
Disable negative caching on squid to get it work.
But it is not very robust :
At startup you will need two auth/popup to successfully connect
Many pages do requests on your back, reseting the TTL
Etc ....
As http is stateless, it is more difficult as it sound.
Perhaps something is doable with kerberos/ticket authentication scheme,
but I did not look at.
Emmanuel.
We use aut_param basic with php script (ldap repository) for
authentication.
_______________________________________________
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users
