Including a header line for Digest Authentication to avoid the authentication required event?

James_Sentman · November 19, 2017, 3:23pm

Hi Folks,

When making repeated requests via basic authentication I can create the Authorization: basic header myself and include it in the headers of future requests to avoid having to make 2 requests for every 1 request that I want to make. Is it possible to do the same thing for Digest authentication? I had thought that I should be able to grab the request header Authorization as it should be all setup by the socket and I could just re-insert it with each identical request. This doesnt work however because it seems the request headers are no longer available in the pageReceived (or receive Progress) events so all I get is an empty string.

Its possible it wouldnt work anyway as it might be sending a difference nonce or something with each request, I dont know that yet, but Id like to avoid the extra back and forth of a whole extra request to get the authentication required event every time if possible.

If I cant get the data that the xojo.net.HTTPSocket is calculating for it, is the only option to re-calculate it myself? Id really like to preserve that header if at all possible.

James_Sentman · November 19, 2017, 9:34pm

And now that Ive learned a little bit more about it this wouldnt work anyway since the whole point of it is that you cant sniff the nonce and re-use it, it has to be different for each hit. Which is great as far as that goes, but it means that by switching from basic authentication to this these guys have doubled the number of hits their little tiny embedded firmware servers have to handle… But Im sure it makes sense somewhere. The least they could have done was to implement a keep-alive connection so that I wouldnt have to startup a whole new socket each time, but alas, no. It has to be 2 connections to do the work of one Oh well