On Mon, 2008-03-24 at 11:44 -0700, Ric wrote:
> Yes, I realize this. Unless we authenticate using one of the
> Authenticated header methods, it seems that we have to be careful not
> to try caching "split views" in standard proxies.
Even then you have the same problem. A public response is a cache hit
even if the request carries authentication.
> Cookie-
> authenticated responses should only be cacheable in public shared
> caches if they contain no personalization.
Which is quite doable if such requests do not have any personal cookie
at all (not even a tracker one), but fails if there is any kind of
session/tracker cookie making each user unique.
If there is no user/session/tracking specific cookie on public requests
then send

    Vary: Cookie

and additionally on personalized content

    Cache-Control: private

"Vary: Cookie" says that this response varies with the content of the
Cookie header. That is every little bit of it, not just some cookie or
the server's state depending on a specific cookie; any change in cookie
contents means a unique request.
"Cache-Control: private" says that this response is private and intended
for a single user only.
Regards
Henrik
Received on Tue Mar 25 2008 - 04:27:57 MDT
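
The header combination recommended in the message above, run through a toy shared cache. This is an added example, not part of the original post and not Squid's code; the "sid" and "trk" cookie names, the "/page" URL and the SharedCache class are constructed for illustration.

```python
# Added example: toy shared cache, not Squid's code. It models only Vary and
# Cache-Control: private; expiry and revalidation are left out.
class SharedCache:
    def __init__(self):
        self.variants = {}  # url -> [(vary_names, selecting_values, body)]

    def fetch(self, url, req, origin):
        """Return (body, "HIT" or "MISS") for one request through the cache."""
        for names, values, body in self.variants.get(url, []):
            # A stored variant matches only if every header named by Vary
            # has exactly the same value as on the request that stored it.
            if tuple(req.get(n, "") for n in names) == values:
                return body, "HIT"
        headers, body = origin(req)
        cc = [d.strip().lower() for d in headers.get("Cache-Control", "").split(",")]
        if "private" not in cc:  # a shared cache must not store private responses
            names = tuple(n.strip() for n in headers.get("Vary", "").split(",") if n.strip())
            values = tuple(req.get(n, "") for n in names)
            self.variants.setdefault(url, []).append((names, values, body))
        return body, "MISS"

def session_user(req):
    """Hypothetical session lookup: the 'sid' cookie names the user."""
    for part in req.get("Cookie", "").split(";"):
        name, _, value = part.strip().partition("=")
        if name == "sid":
            return value
    return "anonymous"

def origin_public(req):
    # Split view marked public with no Vary: any later request is a hit.
    return {"Cache-Control": "public"}, "hello " + session_user(req)

def origin_recommended(req):
    # Vary: Cookie on everything, Cache-Control: private on personalized content.
    user = session_user(req)
    headers = {"Vary": "Cookie"}
    if user != "anonymous":
        headers["Cache-Control"] = "private"
    return headers, "hello " + user

def run(origin, cookies):
    """Send constructed Cookie values in order through one fresh cache."""
    cache = SharedCache()
    return [cache.fetch("/page", {"Cookie": c} if c else {}, origin) for c in cookies]

if __name__ == "__main__":
    print(run(origin_public, ["", "sid=alice"]))
    print(run(origin_recommended, ["", "", "sid=alice", "sid=alice", "trk=1", "trk=2"]))
```

In the second run the two cookie-less requests share one cached copy, the "sid" responses are never stored, and the two "trk" requests each miss because their Cookie headers differ.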