On Sun 27 Oct, 1996, "Miguel A.L. Paraz" <map@iphil.net> wrote:
>> They send the same 'cache-control: private' headers as microsoft.com,
>> but unfortunately they're 1.1 headers being sent in a 1.0 response
>> to a 1.0 request,
>
>Isn't this OK--the browser should just skip over them.
yes, but they expect any caching proxy to be able interpret that
the document shouldn't be cached.
>So, you mean MSN.COM gives headers asking for it to be cached, but,
>you shouldn't cache them since supposedly-static pages have changing
>content? Hmm...
Basically, you can set up your own variant on a page, and your browser
gets it by sending in a cookie with its request. The server then
interprets this and sends back the result, which shouldn't really be
cached by an intermediate proxy (they ask you questions like 'what is
your name?' and 'what is your address?' and proceed to print that out
on your "personalized" page too.)
I presume that MS Internet Explorer interprets the Expires: header too,
as how long to keep it in its internal cache, and that's why they
send the Cache-control: private header (and a cache-control header too,
just in case someone wasn't case sensitive: a bug in an earlier IE version?)
Duane did add some support for cache-control, I think, after we pointed
this problem out a while back; but I think basically its Microsoft that
is broken/confused. They seem to be mixing up two versions of protocol
responses in one go.
But my point is that overriding non-cache documents can be a big
risk if they have personal information in them.
James.
Received on Sun Oct 27 1996 - 06:22:32 MST
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:33:22 MST