On Tue, 1 Nov 2005, Senthil Murugan wrote:
the original website that he/she was trying to access. But this time the browser will not send the cookie credentials bcos, the is a different domain. You explained as, "since the proxy has the full control of the traffic passing thru it, it can play games on the browser and issue cookie for all the visited domains". But with this, only the proxy can add the credentials but what actually needed is, only the proxy needs the credentials from the browser. How come the works or i am not understood clearly?
There is always the domain of the proxy, to which the browser sends it's cookies. To transport the session cookie to another domain a double redirect is used via the proxy domain, temporarily carrying the session details in an "magic" URL to the visited domain which then issues the cookie and redirects back to the originally requested page on the same domain.
I have done this kind of solutions for reverse proxies using Squid, and it is not hard (you only need a HTTP server maintaining the session, and a little thinking on how to use external acls). Only difficulty wrt doing it in a forward proxy is that you need to modify the proxy to not forward the session cookie to the requested site and for this some new Squid modifications will be needed (i.e. the filtering of the cookie is not possible with what is available for Squid today)
Regards Henrik
