On Fri, 8 Apr 2005, Mark McCorkle wrote:
Here comes the tricky part. When squid_redirector.pl gets a request that is flagged as a "brand new" session, it does the action I need it to and then it clears the flag. Then, a user closes their browser (which clears the http auth credentials on their side) and then 1 minute later opens up their browser again. Even though the browser has to prompt them for their credentials again, I have no way to know that the user closed their browser -- and if they are within their "timeout" value, I have no way to let squid_redirector.pl know to do his magic again.
Unfortunately not possible to detect reliably within the HTTP protocol. There is no session in HTTP.
If using Basic authentication then you can detect this by seeing a request without Proxy-Authentication from the user's IP, at least if his browser is interactively prompting for the login+password. But there are also browsers sending requests without Proxy-Authentication sporadically during the session, so it is not a very reliable method. You can match such requests using the req_hdr acl type or an external acl.
If using NTLM then there is absolutely no difference at all at the proxy if the user continues using the same browser window or closes his browser and opens a new one.
Regards Henrik
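
The external acl approach mentioned in the reply, sketched as an added example that is not part of the original thread: a helper that answers OK when a client IP sends credentials again after a request that carried none. The input line format (client IP, then the proxy credentials header value, with "-" when it is absent) is an assumption about how the helper is configured, and `ReauthTracker`, `handle_line` and `replay` are hypothetical names.

```python
import sys

class ReauthTracker:
    """Per-client-IP memory of whether credentials were dropped and then resent."""

    def __init__(self):
        self.seen_creds = set()  # IPs that have sent credentials at least once
        self.pending = set()     # IPs whose latest request carried no credentials

    def observe(self, src_ip, header):
        """Return True when credentials reappear after a request without them."""
        if header in ("", "-"):              # assumed marker for an absent header
            if src_ip in self.seen_creds:
                self.pending.add(src_ip)     # possible browser restart
            return False
        restarted = src_ip in self.pending
        self.pending.discard(src_ip)
        self.seen_creds.add(src_ip)
        return restarted

def handle_line(tracker, line):
    """One helper request line in, one helper reply (OK or ERR) out."""
    parts = line.split(None, 1)
    if not parts:
        return "ERR"
    header = parts[1].strip() if len(parts) > 1 else "-"
    return "OK" if tracker.observe(parts[0], header) else "ERR"

# Constructed sample input: documentation IPs and a placeholder credential.
SAMPLE = [
    "192.0.2.10 -",                  # first contact, before any login
    "192.0.2.10 Basic PLACEHOLDER",  # first login, covered by the "brand new" flag
    "192.0.2.10 Basic PLACEHOLDER",
    "192.0.2.10 -",                  # credentials missing: reopened browser, or sporadic
    "192.0.2.10 Basic PLACEHOLDER",  # credentials back: reported as OK
    "192.0.2.11 Basic PLACEHOLDER",  # other client, unaffected
]

def replay(lines):
    """Run a list of request lines through a fresh tracker."""
    tracker = ReauthTracker()
    return [handle_line(tracker, line) for line in lines]

if __name__ == "__main__":
    tracker = ReauthTracker()
    for line in sys.stdin:           # helper loop: one reply per request line
        sys.stdout.write(handle_line(tracker, line) + "\n")
        sys.stdout.flush()
```

A browser that sporadically omits the header mid-session produces the same OK as a reopened browser, which is the unreliability described in the reply.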