> > What you are describing is the violation behaviour created by using the > > authenticate_shortcircuit_ip hack. Which forces Squid to make a > > stateful link between IP and user credentials. The first set of > > credentials received are used instead of challenging following requests > > which are missing credentials. ie the second and third user to try and > > access never get challenged to add their own usernames to their requests. > > I don't have any options neither in config nor in source files nor in cachemgr config output for shortcircuit. > > Squid is 3.1.0.15 > > Thank you for this great tip. That is exactly the problem I am facing (I can assure you taht I did not have this problem with older squids as far as I recall). I will try with a newer version and see if the issue is reproducible or was a bug. > > Rest of your comments are appreciated Amos. As always, I pay great attention to them. > > J This issue was an IE8.0 problem. Apparently, no matter what username you specify, it accepts the user and pass and sends fsck-all whichever random username you used before. Even a reboot does not help sometimes. Returning an Access Denied sometimes helps, sometimes does not. Duh! So many days I spent on this. It was obvious. No need to modify any squid values.
