On mån, 2008-07-14 at 06:59 -0600, Russell Suter wrote: > To me, the behavior is broken. No. > Either the single connection > to the cache parent should provide the correct user > credentials, or there should be one persistent connection per > user. Authentication in HTTP is per message, not per connection. each message sent over the persistent connection includes the authentication credentials for that message. The credentials on one message MUST NOT have any implications on the following message. If you don't beleive this fire up wireshark and look at the requests sent to the parent by Squid. The exception to this is the Microsoft authentication schemes which violate the HTTP transport requirements completely by associating authentication with hop-by-hop connections instead of end-to-end messages.. > To have multiple requests from different users be > represented by only one user is wrong... Yes, but that's not Squid's fault in this case. Regards Henrik
