[...]
>> negotiation (this is what they call it in the specs) is a request header based
>> concept. The only request header
>> available for negotiation is the cookie header. I am not getting the point why that is such >> a "very bad idea (tm)"?
>No, the bottom line is that using the same URL for personalized and
>anonymous content do not work if rendered by the web server, as HTTP do
>not support such split in a reasonable manner.
[...]
>but Cookie is kind of a kitchen sink with lots of crap getting
>into it making the variance in Cookie headers large even for anonymous
>access on most sites. Caching of urls like this can only work if you
>design the site such that only authenticated sessions have some form of
>cookie and anonymous / logged out users have absolutely no cookies at
>all (or at least none which varies with the user, to tracking cookies,
>no stale session cookies)
>Regards
>Henrik
Agreed. Thanks - i think i got the point now. In that special case
i am lucky.
We do not use cookies - except for session-handling. And moreover we do
not want to cache personalized content. So i can easily add a "no-cache"
header in the Apache whenever the user requestes a ressource with
a cookie header.
Yes - and i have to deal with unsetting stale session-cookies.
Regards and thanX for your help
achim
Received on Wed Sep 16 2009 - 09:39:46 MDT
This archive was generated by hypermail 2.2.0 : Wed Sep 16 2009 - 12:00:03 MDT