<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<p>Hello Emmanuel, we finish implementing a solution on PHP script,
getting the TTL time < 0 on the cachemgr, and it work.</p>
<p>The problem is that the param --> auth_param basic
credentialsttl 3 minutes, give this time (180 seconds), but if the
user still navigating on the site, this value <br>
</p>
<pre><pre>"Check TTL" is not renewing when the user is navigating, so if the user not aplly any click on the page just when the counter "Check TTL" is 0, the user counter go to < 0.
It is posible introduce any param that tell to squid to renew the counter when a user is betwen the credentialsttl time and still navigating ?
regards.
</pre></pre>
<p><br>
</p>
<p><br>
</p>
<div class="moz-cite-prefix">El 13/8/19 a las 12:33, FUSTE Emmanuel
escribió:<br>
</div>
<blockquote type="cite"
cite="mid:2d13100e-f4a7-3187-ecbe-67eb8d210310@thalesgroup.com">
<pre class="moz-quote-pre" wrap="">Hello,
Le 13/08/2019 à 17:06, jmperrote a écrit :
</pre>
<blockquote type="cite">
<pre class="moz-quote-pre" wrap="">Hello Emmanuel regards for your answer.
We need a solution that if the user do not nothing for about a period
of time, for security reason, the reverse proxy request again the
authentication, how can resolv that ?
</pre>
</blockquote>
<pre class="moz-quote-pre" wrap="">You need to generate a failed auth to force client cache expiration/auth
popup.
So you need to manage your own intermediate cache/TTL in your PHP script.
Put squid credentialttl at 5 minute.
Squid will call your authenticator two times in ten minutes on an active
"session" but zero time on a stale one. Issue an auth fail the next time
even if the auth is ok in this case.
Disable negative caching on squid to get it work.
But it is not very robust :
At startup you will need two auth/popup to successfully connect
Many pages do requests on your back, reseting the TTL
Etc ....
As http is stateless, it is more difficult as it sound.
Perhaps something is doable with kerberos/ticket authentication scheme,
but I did not look at.
Emmanuel.
</pre>
<blockquote type="cite">
<pre class="moz-quote-pre" wrap="">
We use aut_param basic with php script (ldap repository) for
authentication.
</pre>
</blockquote>
</blockquote>
</body>
</html>