Squid caches a response's set-cookie header unless instructed not to
cache the response?
I was looking at a related issue with an http accelerator installation:
when a browser user hit's "shift reload" not only does the browser
re-request the page and all of its inline objects but also addes a
"Pragma: no-cache" request header. Squid just passes these requests
through. I'm wondering if this is a quick and dirty way to invalidate a
particular cache item; if a bogus version of an image is changed (and
you don't want to just use a different name for the right one) one can
just shift-reload to force the accelerator to refresh. Anybody looked
at this more closely already?
Dave J Woolley wrote:
>
> > From: David S. Madole [SMTP:david@omdev.com]
> >
> > I see by looking at the code that objects with a "Pragma: no-cache" tag
> > are made unconditionally non-cacheable, even though that's not a valid
> > header coming from a server. I would like to be able to override this,
> >
> To see why this sort of thing is dangerous, see Microsoft's
> very recent security alert at:
>
> http://www.microsoft.com/security/bulletins/MS99-035.asp
>
> but note that they should use Cache-Control: private to get
> the best results from HTTP 1.1 caches.
-- Salon Internet http://www.salon.com/ HTTP mechanic, Perl diver, Mebwaster, Some of the above Ian Kallen <idk@salon.com> / AIM: iankallen / Fax: (561) 619-0995Received on Mon Sep 13 1999 - 12:57:32 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:48:24 MST