can persistent auth be disabled?

TL;DR

Is there a way to force persistent authentication to be off? To put it
another way, if I add this line:

neg_ctx->noauthpersist = true;

here: https://github.com/curl/curl/blob/master/lib/http_negotiate.c#L140

It fixes my problems. Can I do that through the API somehow?

Gory details:

I'm using the multi interface with CURLOPT_HTTPAUTH set to CURLAUTH_ANY. My
program starts a bunch of requests all at once against a server that
doesn't support persistent auth so it challenges each request SPNEGO style.
Unfortunately curl seems to assume persistent auth. After one successfully
negotiation, it seems to interpret the next SPNEGO challenge as a 401 error
instead of a hint to retry with an auth header as it should. After that
error it no longer thinks it's authenticated so the next request's
challenge works. And so on.

The result is that 50% of all the requests fail with a 401 and 50% properly
retry SPNEGO style. That probably indicates a curl bug but in my case I
know I don't want persistent authentication anyway. So I'd like to just
turn it off.

Is there a way to do that?

Thanks for the help,

Whitney

-------------------------------------------------------------------
Unsubscribe: https://cool.haxx.se/list/listinfo/curl-library
Etiquette: https://curl.haxx.se/mail/etiquette.html
Received on 2020-02-24