Re: dropping headers in parse mode

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Tue, 24 Jun 2003 01:36:51 +0200 (CEST)

On 23 Jun 2003, David Nicklay wrote:

> I did a check on this, and squid seems to be dropping the Set-Cookie
> lines, but it doesn't otherwise.

Yes, this is indeed hardcoded in the Squid sources due to the original
Netscape Cookie specification where it is/was specified that caches must
not cache the Set-Cookie header.

Later specifications changes this so that servers must indicate via
Cache-Control if the Set-Cookie header should not be cached, but we have
not yet changed Squid. It is a little sensitive matter as cookies may
contain private information and not many webservers know about
cache-control.

The same is not done on Set-Cookie2 as there the specification is clear
and refers to Cache-Control for cache control from day 1 eleminating the
need for any such hacks, plus that the Squid developers has not really
noticed there is a Set-Cookie2 header..

Regards
Henrik
Received on Mon Jun 23 2003 - 17:36:58 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:20:09 MST