On fre, 2008-05-23 at 22:02 -0400, Tuc at T-B-O-H.NET wrote: > 1) If the auth_param basic timetolive is (for example) 120 minutes, > and 10 minutes after the client authenticates the ID is deleted, they'll > still get 110 minutes of browsing time, correct? Correct. > 2) I did a quick look at the module, and while I'm far from a C > programmer, it doesn't appear that you look for anything from the response > except "Access-Accept" (PW_AUTHENTICATION_ACK). If this is true, has any thought > been given, if it isn't somewhere already and I missed it, to abiding by the > "Session-Timeout" parameter? It hasn't been discussed before. > Is it even possible given the rest of squid to > keep track of a "timetolive" per connection, or would another helper or a > custom helper need to be written to address this? Squid will need to be modified slightly to enable basic auth helpers to return the session timeout, but it's not a big change. Regards Henrik
Attachment:
signature.asc
Description: This is a digitally signed message part
