[New-bugs-announce] [issue7159] Urllib2 authentication memory.

Brad Olson report at bugs.python.org
Sat Oct 17 17:32:39 CEST 2009

New submission from Brad Olson <brado at movedbylight.com>:

For each request requiring HTTP authentication, urllib2 submits the
request without authentication, receives the server's 401
error/challenge, then re-submits the request with authentication.

This is compliant behavior. The problem comes in that urllib2 repeats
this for every ensuing request to the same namespace.

At times this is just an inefficiency--every request gets sent twice,
often with POST data (which can be sizeable).

Sometimes, especially with large POST bodies, this causes a connection

(Mercurial suffers greatly from this (and I have suggested workaround to
that team.)

This isn't non-compliant behavior, but RFC2617 (sections 2, 3.3)
suggests that once an HTTP client authenticates, it pre-emptively send
authentication with ensuing requests.

More analysis and fix suggestions at

components: Library (Lib)
messages: 94180
nosy: bradobro
severity: normal
status: open
title: Urllib2 authentication memory.
type: behavior
versions: Python 2.6

Python tracker <report at bugs.python.org>

More information about the New-bugs-announce mailing list