> Squid caches a response's set-cookie header unless instructed not to
> cache the response?
>
It looks like there is some code to suppress cookies in
Squid, but there is nothing for set-cookie2 and my
(slightly old) draft of HTTP 1.1 doesn't mention cookies
at all, so an HTTP 1.1 proxy need not be aware of cookies
(Cache-Control: private should achieve the desired effect).
In any case, some cookie software will fall back to modified
URLs, to convey session IDs; I think IIS can be forced to
always use this method.
(I'm not sure of the final status of set-cookie2, but note
that the document draft-ietf-http-sate-mec-02.ps, which
is my reference for cookie2 says it is the responsibility of
the source server to control caching with Cache-Control and
Expires, so squid is exceeding its authority by deleting
cookies and may change the semantics in certain cases, as
a result. This is an expired draft.)
Received on Tue Sep 14 1999 - 06:08:32 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:48:24 MST