Re: [squid-users] Acceleration and Cookies from Henrik Nordstrom on 2003-05-20 (squid-users)

From: Henrik Nordstrom <hno@dont-contact.us>
Date: 20 May 2003 21:12:13 +0200

tis 2003-05-20 klockan 16.28 skrev AJ Lemke:

> I have a squid box running in acceleration mode. My question deals with
> cookies. Would a site on a squid(acceleration) that sets unique
> cookies, set the same cookie for every user or would the cookie be
> different for each user. Example site has a counter that is set in the
> cookie each user has a unique number that is incremented, ie Client A is
> 1 Client B is 2 and so. When on the squid(acceleration) cache Client A
> would get 1 but would Client B get 2 or would they get 1 as the page is
> cached.

Because of security issues Squid never caches Set-Cookie headers, but it
does however cache the page content unless your server indicates the
page is not cacheable. This is per the Netscape Cookie specification
IIRC.

It is basically up to your server to give Squid correct instructions in
how it may cache the page content, and optionally also the Set-Cookie
header via the Cache-Control HTTP header. If you do not Squid will
assume it is just a page as any other and cache it depending on expiry
information and refresh_pattern settings..

To be HTTP compliant a server which sends a page having a Set-Cookie
header where the page is intended to be cacheable but the Set-Cookie
header not should send

Cache-Control: private=Set-Cookie

If the server wants the page to be cached, but the origin server
contacted on each request for a new Set-Cookie header then the following
should be used:

Cache-Control: no-cache="Set-Cookie", proxy-revalidate

For full details see RFC2616 section 14.9 Cache-Control

Note: Squids implementation of Cache-Control is not fully complete.

Regards
Henrik

-- 
Donations welcome if you consider my Free Squid support helpful.
https://www.paypal.com/xclick/business=hno%40squid-cache.org
Please consult the Squid FAQ and other available documentation before
asking Squid questions, and use the squid-users mailing-list when no
answer can be found. Private support questions is only answered
for a fee or as part of a commercial Squid support contract.
If you need commercial Squid support or cost effective Squid and
firewall appliances please refer to MARA Systems AB, Sweden
http://www.marasystems.com/, info@marasystems.com

Received on Tue May 20 2003 - 13:12:25 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:16:48 MST