Bug 128006

Summary:

Coalesce authentication credential requests

Product:

WebKit

Reporter:

Daniel Bates <dbates>

Component:

Page Loading

Assignee:

Chris Dumez <cdumez>

Status:

RESOLVED FIXED

Severity:

Normal

CC:

ap, barraclough, beidson, cdumez, commit-queue, darin, dbates, ddkilzer, mjs, webkit-bug-importer

Priority:

Keywords:

InRadar

Version:

528+ (Nightly build)

Hardware:

Unspecified

OS:

Unspecified

Attachments:

Description	Flags
Patch	none
Patch	none
Patch	none

Description Daniel Bates 2014-01-31 12:01:43 PST

We should look to coalesce authentication credential requests such that we ask the client to display the minimum number of authentication dialogs needed to access the requested resources.

One example of how this issue manifests itself is in the WebKit Bot Watcher's Dashboard with a Buildbot that requires HTTP authentication. At the time of writing, the WebKit Bot Watcher's Dashboard is coded such that each queue makes an independent XML HTTP request to its associated Buildbot for content. Assuming there are at least two queues associated with a Buildbot that requires HTTP authentication and looking only at requests sent by the queues, there may be at most two XML HTTP requests that are made and hence Safari will prompt for credentials twice.

Comment 1 Alexey Proskuryakov 2014-01-31 14:37:59 PST

This is usually not an issue because main resource tends to be authenticated, and subsequent loads don't start until it loads.

But it can get really annoying for something like the dashboard. Also, reopening windows after browser restart can result in multiple requests for the same credentials, if you had the same site open in multiple windows.

Comment 2 David Kilzer (:ddkilzer) 2014-02-07 10:55:11 PST

(In reply to comment #1)
> This is usually not an issue because main resource tends to be authenticated, and subsequent loads don't start until it loads.
> 
> But it can get really annoying for something like the dashboard. Also, reopening windows after browser restart can result in multiple requests for the same credentials, if you had the same site open in multiple windows.

This behavior drives me crazy every time I restart Safari.

Comment 3 Radar WebKit Bug Importer 2014-05-07 07:57:43 PDT

<rdar://problem/16839069>

Comment 4 Chris Dumez 2015-07-31 15:02:53 PDT

*** Bug 147496 has been marked as a duplicate of this bug. ***

Comment 5 Chris Dumez 2015-07-31 15:07:31 PDT

Created attachment 257965 [details]
Patch

Comment 6 Alexey Proskuryakov 2015-07-31 16:04:29 PDT

Comment on attachment 257965 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=257965&action=review

> Source/WebKit2/Shared/Authentication/AuthenticationManager.cpp:58
> +    // Do not coalesce server trust evaluation requests.

This comment either needs to explain why, or to be dropped.

> Source/WebKit2/Shared/Authentication/AuthenticationManager.cpp:73
> +uint64_t AuthenticationManager::addChallengeToHashMap(const WebCore::AuthenticationChallenge& authenticationChallenge)

I'd say addChallengeToChallengeMap. Not a great name, but spelling out the data type in "addChallengeToHashMap" seems even less useful.

> Source/WebKit2/Shared/Authentication/AuthenticationManager.cpp:95
> +Vector<uint64_t> AuthenticationManager::coalesceChallenges(uint64_t challengeID) const

This took me awhile to understand - why does a "coalesce" function take a single challenge, what can it coalesce it with?

How would you feel about one of these ideas:
- coalesceChallengesMatching(uint64_t challengeID)
- or coalesceChallenges(const ProtectionSpace&)

Comment 7 Chris Dumez 2015-07-31 16:09:24 PDT

Comment on attachment 257965 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=257965&action=review

>> Source/WebKit2/Shared/Authentication/AuthenticationManager.cpp:58
>> +    // Do not coalesce server trust evaluation requests.
> 
> This comment either needs to explain why, or to be dropped.

Proposing: "Do not coalesce server trust evaluation requests because ProtectionSpace comparison does not evaluate server trust (e.g. certificate)."

>> Source/WebKit2/Shared/Authentication/AuthenticationManager.cpp:95
>> +Vector<uint64_t> AuthenticationManager::coalesceChallenges(uint64_t challengeID) const
> 
> This took me awhile to understand - why does a "coalesce" function take a single challenge, what can it coalesce it with?
> 
> How would you feel about one of these ideas:
> - coalesceChallengesMatching(uint64_t challengeID)
> - or coalesceChallenges(const ProtectionSpace&)

I'd prefer the first one. The second one is clear but a bit annoying because we then have to move the HashMap lookup to every call site.

Comment 8 Chris Dumez 2015-07-31 16:14:20 PDT

Created attachment 257977 [details]
Patch

Comment 9 Chris Dumez 2015-07-31 16:56:05 PDT

Comment on attachment 257977 [details]
Patch

Clearing flags on attachment: 257977

Committed r187691: <http://trac.webkit.org/changeset/187691>

Comment 10 Chris Dumez 2015-07-31 16:56:10 PDT

All reviewed patches have been landed.  Closing bug.

Comment 11 Chris Dumez 2015-08-08 20:19:03 PDT

Reopening to attach new patch.

Comment 12 Chris Dumez 2015-08-08 20:19:07 PDT

Created attachment 258586 [details]
Patch

Comment 13 Chris Dumez 2015-08-08 20:22:00 PDT

Uploaded a follow-up patch to fix post-mortem review comments from Darin on Bug 147496.

Comment 14 WebKit Commit Bot 2015-08-09 15:20:54 PDT

Comment on attachment 258586 [details]
Patch

Clearing flags on attachment: 258586

Committed r188198: <http://trac.webkit.org/changeset/188198>

Comment 15 WebKit Commit Bot 2015-08-09 15:21:00 PDT

All reviewed patches have been landed.  Closing bug.