Re: Cookie problem & thanks

From: Duane Wessels <wessels@dont-contact.us>
Date: Mon, 16 Dec 96 12:45:49 -0800

Nigel.Metheringham@theplanet.net writes:

>
>wessels@nlanr.net said:
>} I'd rather not introduce another option, but just make it the
>} default behaviour to NOT cache responses with cookies.
>
>Isn't there another problem here...
>
>You start up on a service, it sends you a cookie to uniquely identify
>you...
>
>Subsequent requests to that service may result in pages which contain no
>cookie, *but* vary according to the cookie which you are sending to the
>service in your request headers.
>
>This is a real swine since some people will use cookies to modify content
>(which we therefore want to treat as private objects), and others will use
>them to try and track what users are doing which I would prefer to defeat
>by caching!!!
>
>The easy solution is to not cache either pages with set-cookie headers and
>pages resulting from requests with cookies embedded in the request header.
> Unfortunately finding the percentage of pages in this latter catagory is
>probably not possible without adding extra code into squid.

Sigh.

I think in this situation we need to hold some ground against the trend
towards making more and more objects uncachable. People who serve up
content have quite a few ways of marking pages to prevent caching. If
they are giving out dynamic pages based on cookies, or whatever, they
should set Cache-Control headers or at least Expires.

Duane W.
Received on Mon Dec 16 1996 - 12:57:30 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:33:54 MST