> From: Ubaldo Lescano [SMTP:ulescano@tsi.com.pe]
>
> refresh_pattern -i latinmail.com 60 100% 240 reload-into-ims
> override-lastmod
>
It wouldn't surprise me if override-lastmod is making
a page cacheable which should not be cacheable. The
only difference between two different users is probably
the cookie sent, so making the page falsely cacheable
would likely result in getting other people's mail.
Sites that use cookies instead of proper HTTP
authentication (most :-() should use:
Cache-Control: private
to try to avoid this problem (pages requested with
authentication have this implied by default, but
cookies are so endemic that you can't make such
assumptions when they are present).
However, this is an HTTP 1.1 feature,
so I'm not certain that squid would obey it. They
might be able to use Pragma: no-cache, as an HTTP
1.0 fallback, but I would need to check the specs to
make sure that this is ignored for HTTP 1.1 with
Cache-Control headers.
Generally, though, you cannot expect web accesses to
behave correctly if you set any of the modifiers on
refresh patterns.
You also can't generally expert commercial web site
operators to understand the details of the protocol,
or to sympathise with ISPs that are poorly connected.
If the browser exits in response to a page, it is either
broken on insecure, and this cannot be considere a
problem with the proxy.
Received on Thu Jul 22 1999 - 11:04:45 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:47:29 MST