Python Requests logging 401 immediately before 200
Zach Dunlap
zrdunlap at gmail.com
Fri Feb 20 12:39:54 EST 2015
On Friday, February 20, 2015 at 12:31:00 PM UTC-5, Chris Angelico wrote:
> On Sat, Feb 21, 2015 at 4:16 AM, Zach Dunlap <zrdunlap at gmail.com> wrote:
> > INFO:requests.packages.urllib3.connectionpool:Starting new HTTP connection (1): localhost
> > DEBUG:requests.packages.urllib3.connectionpool:"GET /v1/documents?uri=000248e4331d4db5856df8fd427b3cdb.xml HTTP/1.1" 401 211
> > DEBUG:requests.packages.urllib3.connectionpool:"GET /v1/documents?uri=000248e4331d4db5856df8fd427b3cdb.xml HTTP/1.1" 200 18327
> >
> > As you can see the 400 and the 200 are the same document (only 1 can exist in ML with the same URI) and in MarkLogic's logs both are executed at the same time.
> >
> > Is this something I should be concerned about and should fix or is it just the log level I have set or something else I shouldn't worry about?
> >
> > r = requests.get('http://localhost:8004/v1/documents?uri=000248e4331d4db5856df8fd427b3cdb.xml',auth=HTTPDigestAuth('USER', 'PASSWORD'))
> >
>
> Short explanation: It's part of the protocol.
>
> You're using Digest Auth, so what's happening here is that a request
> is sent without the authentication, and the inevitable 401 response is
> the signal that the request should be re-sent with credentials.
>
> There's a massive debate as to whether or not it's correct to send
> unsolicited credentials. On the one hand, this "401 then 200" pattern
> takes extra internet round-trips (not that that's a big deal with
> localhost, but it's the same issue everywhere) and puts extra load on
> both server and client; but on the other hand, nobody wants their
> credentials sent to the wrong server, and it's not always easy to tell
> when they'll be needed. Without the 401, you can't know whether or not
> you need to authenticate, so if once you start sending unsolicited
> credentials, you basically have to keep on doing so.
>
> If you don't have a problem with performance or latency, then consider
> this to be nothing more than a bit of log file spam. I'm not sure if
> the Python requests module can be easily configured to send
> credentials on the first query, but my advice is: don't even bother
> looking into that unless you have need to.
>
> All the best!
>
> ChrisA
Thanks very much for this it's extremely helpful! This clears it up and I think I will ignore it as log spam as you suggest.
More information about the Python-list
mailing list