> Problem with client based approaches is basic and digest
> authentication
> browser-side credentials caching..
>
> I don't see from where you find that NTLM auth has a problem
> with URL load
> balancing.. NTLM is between the browser and the first proxy
> contacted, so is
> Basic/Digest.
There are three possible scenarios, all equally bad.
First: the server is chosen only upon the first request
of a kept-alive string.
This is bad, because then you do a lousy cache selection work.
Second: the cache is chosen upon each request. There are two
sub-scenarios here.
1) The load balancer does not do connection pooling
This means that every time a request goes to a different cache than
the previous, you have to re-auth. NTLM auth is not cheap, I think
the overhead of a single auth attempt might be in the 6 Kb range,
possibly for each requested URL. That's 37% worst-case overhead
with an average object size of 16 Kb.
2) The load balancer does connection pooling
Even worse: it's instant session-hijacking.
Any way you put it, connection-based state in HTTP is a losing proposition.
Not trying to be too smart is IMO the only way to survive.
-- /kinkieReceived on Thu Jul 18 2002 - 05:44:05 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:09:17 MST