On Thu, 19 Feb 2004, Jérôme SAUTRET wrote:
> The page is taken from the cache (from the preceding request), which
> is wrong in this case, because the pages for authenticated users are
> different from those for anonymous ones.
Well, according to HTTP this is what should happen.
The server has for this URL given a public cacheable copy without
indicating anything else. HTTP then specifies this is the page which
should be given until expiry, no matter if the request includes
authentication or not.
> How can I fix this problem, apart from using different protocols
> (http/https) or virtual hosts (one for anonymous and one for authenticated) ?
Using different URLs for different content is very wise.
> Is there a way to detect the Authorization header field in an acl rule ?
Won't help you as any users behind any HTTP cache will see the same
problem, and users won't be able to log in as they will not be receiving
the authentication challenge.
Regards
Henrik
Received on Thu Feb 19 2004 - 13:45:50 MST
This archive was generated by hypermail pre-2.1.9 : Mon Mar 01 2004 - 12:00:02 MST