Re: [squid-users] logging ident while avoiding an ident lookup for each request

From: Marc Haber <mh+squid-users_at_zugschlus.de>
Date: Mon, 26 May 2008 12:02:12 +0200

On Fri, May 23, 2008 at 07:39:04AM +0800, Adrian Chadd wrote:
> On Thu, May 22, 2008, Marc Haber wrote:
> > > Nope, but you have to figure out how to get the browser to always present
> > > the cookie, regardless of domain.
> >
> > Ah, ok, I _was_ naive for that.
> >
>
> Some commercial stuff used to do cookie-insert for every domain that
> was going through the proxy; I think it worked by inserting a cookie
> with a special name that was then used as an authentication token.

That could work, but why the trick with the special name? One could
just set an "X-squid-ID:" to the identd value obtained from the client.

> I have no idea if this'll work for CONNECT (I didn't think cookies were
> thrown across the initial CONNECT session)

CONNECT connections usually last a little bit longer, so I could
probably live with a single identd request per CONNECT.

> Besides, how many connections a second are you talking about? A modern
> box can handle thousands a second.

The box running the clients is an X host for 300 users using hogs like
Mozilla and OpenOffice.org, so while it is surely possible to handle
one ident request by http request, I have an intense dislike for that
solution and would love to have a way to cut down on the number of
ident requests that does not require users to explicitly log in to
surf the web.

Greetings
Marc

-- 
-----------------------------------------------------------------------------
Marc Haber         | "I don't trust Computers. They | Mailadresse im Header
Mannheim, Germany  |  lose things."    Winona Ryder | Fon: *49 621 72739834
Nordisch by Nature |  How to make an American Quilt | Fax: *49 3221 2323190
Received on Mon May 26 2008 - 10:02:16 MDT

This archive was generated by hypermail 2.2.0 : Tue Aug 05 2008 - 01:05:14 MDT