Concurent Basic auth

[lysektomas]

Hi, is it possible to make auth concuretly for two users?

I am using your default Basic authentication example.

Example: User 1 opened page, basic auth prompt shows up. He didnt write anything and has opened prompt. User 2 wants to open page, but he can't. Loading bar is still loading and BasicAuth prompt is not showing up.

WSGI app is not serving any requests.

Is it possible to make this http basic auth non blocking?

Thanks, Tomas

[miguelgrinberg]

This is a problem with your web server, this package has no restrictions on number of concurrent users.

[TitaniumHocker]

How many WSGI(gunicorn, uwsgi, apache) workers are working on server? Seems like only one)

[lysektomas]

Well yes it is. But if i use two threads problem will occur with two blocking users, isnt it?

[TitaniumHocker]

Yes, and this is normal behavior for non-asynchronous code. Flask does not support (yet) asynchronous operation. Just add more workers and set appropriate timeouts.

[miguelgrinberg]

I'm sorry but no, this is completely incorrect. A server with N workers can handle many more than N clients, because HTTP connections are short lived. A server with even one worker should be able to talk to several clients.

As I said above, this package does not have any limitations on concurrent users. Flask also does not have any limitations. The issue is caused by your web server (of which you have provided no information) or by your application, which might be blocking and preventing the server from recycling workers promptly.

[TitaniumHocker]

One worker at one moment can process only one request. Browser can open connection to the server while waiting for input in basic auth form. While connection is opened worker is blocked and can't to handle other clients. This situation looks like a very slow client is being processed.

UPD: You can reproduce a similar situation by running this example with this command: flask run --no-reload --without-threads

[miguelgrinberg]

@TitaniumHocker When the client submits a request for a page that is protected by authentication the server just returns a 401 response and the request ends. While the browser asks the user to enter login credentials the server is free to accept requests from other clients. I'm not sure which browser you are using that holds on to the connection while it waits for the user to type. Makes no sense to me.

[lysektomas]

I have still issue with your example with blocking, but it seems to be a bug in firefox - when I open same adress in chrome it is working. So firefox problably allows only one http basic auth prompt.

I have solved my issue with gunicorn and 8 threads. Two browsers is still not working with one thread, but it could be from two wsgi app combined using DispatcherMiddleware from werkzeug.