Jason Riedy writes:
>Oh well. Jeff Newton writes:
> - 1) How does squid work with cookies. Eg. my.yahoo.com where the
> - cookie specifies users and is required to update frequently (checking
> - stock quotes etc)
>
>And Duane Wessels responds:
> -
> - replies with set-cookie headers are not cached in v1.1. For v1.2
> - they will be cached, but without the set-cookie header.
>
>So when a browser accesses a cookie-bearing page through v1.2, the
>cookie will be stripped for all accesses after the first and before
>the page expires? Or will squid still send a HEAD request to the
>destination and then pass along that cookie? (Of course, Yahoo's
>busted HEAD will still send the whole body, but...)
>
>I realize the current beta simply denies cacheability. What are
>the plans?
The plans are to follow the HTTP/1.1 RFC, which states that replies
with 'Set-Cookie' headers are cachable (unless otherwise indicated),
but the 'Set-Cookie' header line itself is not.
This still works because for cache hits the origin server doesn't
need or get the Cookie request header anyway. If the server
requires the Cookie request header for some request, then it
had better make sure the reply is marked as uncachable.
Squid doesn't "strip" cookies (unless you use the http_anonymizer
feature).
Duane W.
Received on Thu Jan 22 1998 - 23:45:16 MST
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:38:29 MST