[squid-users] help to disconnect users after determinated time. TTL

jmperrote jmperrote at policia.rionegro.gov.ar
Thu Aug 15 15:30:31 UTC 2019

Hello Emmanuel, we finish implementing a solution on PHP script, getting 
the TTL time < 0 on the cachemgr, and it work.

The problem is that the param --> auth_param basic credentialsttl 3 
minutes, give this time (180 seconds), but if the user still navigating 
on the site, this value

"Check TTL" is not renewing when the user is navigating, so if the user not aplly any click on the page just when the counter "Check TTL" is 0, the user counter go to < 0.

It is posible introduce any param that tell to squid to renew the counter when a user is betwen the credentialsttl time and still navigating ?


El 13/8/19 a las 12:33, FUSTE Emmanuel escribió:
> Hello,
> Le 13/08/2019 à 17:06, jmperrote a écrit :
>> Hello Emmanuel regards for your answer.
>> We need a solution that if the user do not nothing for about a period
>> of time, for security reason, the reverse proxy request again the
>> authentication, how can resolv that ?
> You need to generate a failed auth to force client cache expiration/auth
> popup.
> So you need to manage your own intermediate cache/TTL in your PHP script.
> Put squid credentialttl at 5 minute.
> Squid will call your authenticator two times in ten minutes on an active
> "session" but zero time on a stale one. Issue an auth fail the next time
> even if the auth is ok in this case.
> Disable negative caching on squid to get it work.
> But  it is not very robust :
> At startup you will need two auth/popup to successfully connect
> Many pages do requests on your back, reseting the TTL
> Etc ....
> As http is stateless, it is more difficult as it sound.
> Perhaps something is doable with  kerberos/ticket authentication scheme,
> but I did not look at.
> Emmanuel.
>> We use aut_param basic with php script (ldap repository) for
>> authentication.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20190815/0b091171/attachment.html>

More information about the squid-users mailing list