curl / Mailing Lists / curl-library / Single Mail
Buy commercial curl support from WolfSSL. We help you work out your issues, debug your libcurl applications, use the API, port to new platforms, add new features and more. With a team lead by the curl founder himself.

can persistent auth be disabled?

From: Whitney Jackson via curl-library <>
Date: Fri, 21 Feb 2020 16:14:45 -0700


Is there a way to force persistent authentication to be off? To put it
another way, if I add this line:

neg_ctx->noauthpersist = true;


It fixes my problems. Can I do that through the API somehow?

Gory details:

I'm using the multi interface with CURLOPT_HTTPAUTH set to CURLAUTH_ANY. My
program starts a bunch of requests all at once against a server that
doesn't support persistent auth so it challenges each request SPNEGO style.
Unfortunately curl seems to assume persistent auth. After one successfully
negotiation, it seems to interpret the next SPNEGO challenge as a 401 error
instead of a hint to retry with an auth header as it should. After that
error it no longer thinks it's authenticated so the next request's
challenge works. And so on.

The result is that 50% of all the requests fail with a 401 and 50% properly
retry SPNEGO style. That probably indicates a curl bug but in my case I
know I don't want persistent authentication anyway. So I'd like to just
turn it off.

Is there a way to do that?

Thanks for the help,


Received on 2020-02-24