Caching of a HTTP/1.1 401 Unauthorized response?



  • It does seem, that davdroid could benefit from caching the server responses where it is asked to authorize, e.g.

    37.201.X - - [30/May/2016:00:33:08 +0000] "PUT /sabretest/cal.php/calendars/admin/testing/b8f655dc-48cb-4f87-ab4a-e38ed5ddbeac.ics HTTP/1.1" 401 432 "-" "DAVdroid/1.0.9.1 (2016/05/27; dav4android; okhttp3) Android/5.1.1"
    37.201.X - - [30/May/2016:00:33:09 +0000] "PUT /sabretest/cal.php/calendars/admin/testing/b8f655dc-48cb-4f87-ab4a-e38ed5ddbeac.ics HTTP/1.1" 201 - "-" "DAVdroid/1.0.9.1 (2016/05/27; dav4android; okhttp3) Android/5.1.1"
    
    37.201.X - - [30/May/2016:00:33:09 +0000] "REPORT /sabretest/cal.php/calendars/admin/testing/ HTTP/1.1" 401 473 "-" "DAVdroid/1.0.9.1 (2016/05/27; dav4android; okhttp3) Android/5.1.1"
    37.201.X - - [30/May/2016:00:33:09 +0000] "REPORT /sabretest/cal.php/calendars/admin/testing/ HTTP/1.1" 207 1086 "-" "DAVdroid/1.0.9.1 (2016/05/27; dav4android; okhttp3) Android/5.1.1"`
    

    Every Time davdroid is told to authenticate, (WWW-Authenticate: Digest realm="...") and does so in the subsequent request, but "forgets it" immediately after. Wouldn't it be wise to authenticate in the next X sessions from the beginning as well ? Could save some round-trips...


  • developer

    @kralo This only happens when you're using Digest auth.

    1. Please use Basic auth (the only useful case I can imagine for Digest auth is to authenticate against external services; in terms of security, there should be no advantage because TLS should be used in any case) and set DAVdroid to pre-emptive auth (= always send the authentication header with the request), or
    2. improve the BasicDigestAuthenticator, which I had to write from scratch (I guess it would not be much work, you would have to check the realm and perhaps domain, insert the tokens and handle re-authentication) because okhttp doesn't provide (Digest) auth by default (and they didn't want my implementation; you can also read about extra round-trips there).

  • developer

    Since dav4android ff40bfd, credentials are cached for Digest authentication, too.


Log in to reply
 

Looks like your connection to Bitfire App Forums was lost, please wait while we try to reconnect.