Re: How does cookies work with Squid?

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Mon, 12 Jun 2000 01:20:57 +0200

Hmm.. The Squid FAQ seems to be a bit incorrect in it reference there..
The functionality it describes is from an earlier cookie specification
(Netscape document, not an RFC). RFC2109 is quite different in this area
and utilises the Cache-Control header for controlling caching (see
RFC2109 section 4.2.3).

Unfortunately Squid does still implement the older specification, and
denies all caching of Set-Cookie headers. The page content should
however be cached if it is properly marked as cachable.

--
Henrik Nordstrom
Squid hacker
Hillel Bilman wrote:
> 
> Hi
> 
> >From the Squid FAQ 12.19:
> The proper way to deal with Set-Cookie reply headers, according to RFC 2109
> is to cache the whole object, EXCEPT the Set-Cookie header lines.
> With Squid-2, however, we can filter out specific HTTP headers. But instead
> of filtering
> them on the receiving-side, we filter them on the sending-side. Thus,
> Squid-2 does cache
> replies with Set-Cookie headers, but it filters out the Set-Cookie header
> itself
> for cache hits.
> 
> Does the above paragraph mean that squid version 2 will filter out cookies
> getting
> from the web server to the browser, but still cache those pages?
> 
> Do I have to do anything in squid.conf for this to always work? or on the
> asp pages
> becides, the standard public and expires tags?
> 
> If the web server requests cookie information from the browser will this
> request get
> to the browser and will the browser be able to send the response back to the
> web server?
> 
> I'm using Squid 2.3 STABLE3 in http accelerator mode connecting to an IIS4
> Server.
> The application uses classes that makes use of sessions (the Session ASP
> object can't be disabled) and so cookies by default are served. So I'm stuck
> with cookies. However according to the
> dba the session ASP is only needed to run the classes, but it's not needed
> in the
> functioning of the site as a whole. So if I switched off cookies in my
> browser,
> I can still browse the site. We also don't have any authentication.
> 
> Thanks for all the help
Received on Sun Jun 11 2000 - 17:26:55 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:54:00 MST