Re: cookie problems

On Mon, 25 Oct 1999, Simon Greaves wrote:

> Some more background on this problem in addendum to my previous post, I
> just received a note from the admin of the site we were having problems
> with (http://www.thenutshell.co.uk/content/free/logon.html).
>
> For what it's worth, I thought I'd forward a summary of their comments:
>
> 8<-----------------------------------------------------------------
> Internet proxy servers don't expect html pages to contain any dynamic
> content so they cache a local copy of that page.
>
> The site attempts to send a session cookie to a new user before it
> displays the logon box. Since the first page visited was the
> 'logon.html' page, the proxy server probably returned the copy it had in
> it's local cache and therefore a fresh session cookie never reached his
> browser.
>
> The logon.html page has been modified to contain an asp inside it's
> frame which should take care of the caching problem.
> 8<-----------------------------------------------------------------
>
> It's true that the site logon does now work, and I understand why it now
> works since squid will not cache the dynamic stuff hence will re-request
> the asp page. Presumably the reason it didn't work before was not an
> issue with squid, but rather the website's implementation, ie squid had
> no way of knowing it should contact the remote site.

That would be my analysis as well.

According to the HTTP standard, Squid is allowed to store responses
that have "set-cookie" headers, but it must not send the "set-cookie"
header to a client when giving a cache hit. Thus, Squid filters out
"set-cookie" headers for its cache hits.

Duane W.
Received on Mon Oct 25 1999 - 13:20:00 MDT