https://kotlinlang.org logo
#ktor
Title
# ktor
n

napperley

04/07/2019, 11:09 PM
Is it possible to customise caching for authentication? Would like to have caching cleared for basic authentication every time the server (via Netty) is started.
Been trying to disable caching per route with the following:
Copy code
// ...
    get("/restricted") {
        // Completely disable the cache for this restricted path.
        call.response.header("Cache-Control", "no-cache, no-store, must-revalidate")
        call.response.header("Expires", 0)
        call.respondText("|Sample text. Testing 1234...|")
    }
// ...
Unfortunately once basic authentication is successful with a route (in the authenticate block) it is cached on the client, unless the cache is cleared on the client side ☹️.
b

bdawg.io

04/08/2019, 3:16 AM
You can't control that server side. Caching only pertains to the content the client received back, not the request made
🆗 1
n

napperley

04/08/2019, 3:19 AM
What alternative options are there to ensure that basic authentication occurs every time a request is made by a client (worst case scenario)?
Was hoping to achieve something similar to this Stack Overflow question in Ktor: https://stackoverflow.com/questions/49547/how-to-control-web-page-caching-across-all-browsers
b

bdawg.io

04/08/2019, 3:09 PM
You would need to have a unique realm name for every single request. Otherwise the client may cache the authentication used for the given Basic authentication realm. And you have no real way to prevent caching of these credentials.
👍 1
n

napperley

04/08/2019, 9:28 PM
In other words it is likely a different authentication method would need to be used, or switch to a protocol which provides fine grained control over caching, especially with authentication.
Does Web Sockets provide options for doing fine grained caching?
Developing HTTPS web APIs that will be used by different client apps (incl web apps). When testing the APIs via Postman authentication is enforced every time without caching. Wonder if the same behaviour would occur in Android/Desktop apps.
Web apps always seem to cache authentication requests (HTTP/HTTPS), which is a big pain 🙁.
3 Views