> From: Blue Lang [SMTP:blue@calico.gator.net]
>
> I tried to follow this thread back, but got lost. Can you possibly
> elaborate on that last bit a little? Is the issue that no page with a
> cookie will ever be cached, or is something more sinister going on?
>
As I understand it, if you provide a cookie, a public
cache, like squid, may cache it unless you set cache-control:
private.
Generally, you don't want to set cookies unless they
correlate to an individual, so normally you will want to
set cache-control: private on all cookies.
However, setting cache-control: private defeats cacheing,
so you want to do it as little as possible. This isn't
a problem if people accept cookies, but many, like me,
will reject all persistent cookies and only accept session
cookies if they can see a legitimate need for them. If
your application insists on setting cookies when the user
doesn't want them, it will always have to make the page
non-cacheable - people who reject cookies are normally
prepared to accept a performance penalty for their
increased privacy.
To expand on what I was saying, if there is a strong case,
as perceived by the users, for session cookies, you could
record the fact that persistent cookies were refused, but
if no cookies at all have been accepted, the only way to
maintain cacheability without losing that reader (which you
might consider an acceptable loss if you are using cookies
to track individuals rather than for statistical purposes)
is to only try and set them on a small entry page to the
site.
Once you have set cookies, it should be sufficient to set max-age=0
to force a default configured proxy to pass them back on every
access, but as a conditional get. (Many squid users, particularly
in poor countries, override max-age=0 in order to improve their
access latency.)
Note this is mainly from a consumer point of view, with a
knowledge of how caches and cookies work. Supplier side
priorities are often very different.
Received on Tue Oct 26 1999 - 12:40:51 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:49:05 MST