On Mon, 16 May 2011, Marcel Roelofs wrote:
Attached you find a patch that fixes the problem (and changes the order of
some initialization statements to make them appear somewhat more logical,
now I had to read them back myself).
Thanks, applied now!
2) In every client-server request, it re-authenticates, is it by design?
Interesting to see how different browsers deal with this:
- Chrome and Firefox behave like curl: every subsequent request starts
afresh, ie. not using any knowledge that a subsequent request may also
need negotiate authentication
- IE already adds a Negotiate header if it knows that a particular
path uses Negotiate authentication. This saves one round trip per
request.
Right, and that's what libcurl does for other authentication methods. I'm
certainly not a Negotiate expert but I figure curl should be able to do this.
NTLM remembers that a connection is already authenticated, and apparently
doesn't need any additional authentication for subsequent requests on the
same connection.
Correct. NTLM is an abonination and violates fundamental HTTP principles. Yet
it continues to exist and be used...
--
/ daniel.haxx.se
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html
