Re: [squid-users] HTTP authentication question...

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Fri, 28 Nov 2003 01:24:27 +0100 (CET)

On Thu, 27 Nov 2003, Dmitry S. Makovey wrote:

> In brief: my question is: how can I distinguish if user comes through one port
> or another, so I can disable caching for this user....

See the my* acl types and the no_cache directive.

> Now, Zope can communicate with squid using ICP and it seems like they do so.
> Problem occures when user loggs into a system (Plone running in Zope) and
> this user is supposed to see same pages "differently" as (s)he get's more
> functionality, but squid still picks up cached version and only "reload" in
> browser helps.

Yes. This is a design error in Plone in that they use the exact same URL
both for anonymous and authenticated content. Such designs obviously sucks
in combination with caching.

Mark Nottinghams "Caching Tutorial for Web Authors and Webmasters"
<url:http://www.mnot.net/cache_docs/> is a very good reading on how things
should be designed with caching in mind and should be mandatory reading
for anyone designing a CMS.

> So my Idea was to check for credentials and if it's empty -
> move user through the cache, if not - don't do caching at all.

Would solve the problem locally, but any user behind a caching proxy would
still see the same problem.

If the proxy cache has been told that the response to a specific URL is
cachable then it will consider this regardless if a future request carries
authentication or not. This how the cache should operate per the HTTP
specifications.

Regards
Henrik
Received on Thu Nov 27 2003 - 17:24:53 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:21:40 MST