Is it possible to customise caching for authentication Would kotlinlang #ktor

Is it possible to customise caching for authentica...

napperley

04/07/2019, 11:09 PM

Is it possible to customise caching for authentication? Would like to have caching cleared for basic authentication every time the server (via Netty) is started.

napperley

04/08/2019, 3:10 AM

Been trying to disable caching per route with the following:

Copy code

// ...
    get("/restricted") {
        // Completely disable the cache for this restricted path.
        call.response.header("Cache-Control", "no-cache, no-store, must-revalidate")
        call.response.header("Expires", 0)
        call.respondText("|Sample text. Testing 1234...|")
    }
// ...

napperley

04/08/2019, 3:13 AM

Unfortunately once basic authentication is successful with a route (in the authenticate block) it is cached on the client, unless the cache is cleared on the client side ☹️.

bdawg.io

04/08/2019, 3:16 AM

You can't control that server side. Caching only pertains to the content the client received back, not the request made

🆗 1

napperley

04/08/2019, 3:19 AM

What alternative options are there to ensure that basic authentication occurs every time a request is made by a client (worst case scenario)?

napperley

04/08/2019, 3:22 AM

Was hoping to achieve something similar to this Stack Overflow question in Ktor: https://stackoverflow.com/questions/49547/how-to-control-web-page-caching-across-all-browsers

bdawg.io

04/08/2019, 3:09 PM

You would need to have a unique realm name for every single request. Otherwise the client may cache the authentication used for the given Basic authentication realm. And you have no real way to prevent caching of these credentials.

👍 1

napperley

04/08/2019, 9:28 PM

In other words it is likely a different authentication method would need to be used, or switch to a protocol which provides fine grained control over caching, especially with authentication.

napperley

04/08/2019, 9:31 PM

Does Web Sockets provide options for doing fine grained caching?

napperley

04/08/2019, 9:35 PM

Developing HTTPS web APIs that will be used by different client apps (incl web apps). When testing the APIs via Postman authentication is enforced every time without caching. Wonder if the same behaviour would occur in Android/Desktop apps.

napperley

04/08/2019, 9:39 PM

Web apps always seem to cache authentication requests (HTTP/HTTPS), which is a big pain 🙁.

3 Views

Open in Slack

Previous Next