On Mon, 6 Jun 2005, Peter Zechmeister wrote:
> - Squid must not cache pages where the Authorization header is set, but it
> does at the moment, and so pages which have the same URL but behave
> differently when entered anonymously or authorized are mixed up.
> Can anybody tell me how to fix this?
This is a common design error in many web applications.
If there is a public cacheable object on a URL then there must not be
personalized or protected variants on the same URL. The exception is if the
conditions for when a personalized/protected variant is returned can be
expressed via the Vary header.
The Authorization restriction only goes the other way, making sure that
the cache won't cache content requiring Authorization as if it was public
content not requiring Authorization.
Regards
Henrik
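
The behaviour described in the reply above, as a simplified model added here (not part of the original thread and not Squid's code): without `Vary`, an authenticated request is answered from the cached public object on the same URL; with `Vary: Authorization` the variants are kept apart, and the reply to a request carrying Authorization is not stored unless the origin allows it. The names `SharedCache`, `variant_key`, `make_origin`, `demo`, the `/report` URL and the credential are constructed for illustration.

```python
# Toy shared HTTP cache; freshness and revalidation are deliberately left out.

def variant_key(url, req, vary):
    """Cache key = URL plus the values of the request headers named in Vary."""
    names = sorted(h.strip().lower() for h in vary.split(",") if h.strip())
    return (url, tuple((n, req.get(n, "")) for n in names))

class SharedCache:
    def __init__(self, origin):
        self.origin = origin   # callable(url, req_headers) -> (resp_headers, body)
        self.vary = {}         # url -> Vary value of the stored response
        self.store = {}        # variant key -> body

    def fetch(self, url, req_headers):
        req = {k.lower(): v for k, v in req_headers.items()}
        key = variant_key(url, req, self.vary.get(url, ""))
        if key in self.store:
            return "HIT", self.store[key]
        resp, body = self.origin(url, req)
        resp = {k.lower(): v for k, v in resp.items()}
        cc = resp.get("cache-control", "").lower()
        # Authorization restriction: a reply to a request that carried
        # Authorization is stored only if the origin explicitly permits it.
        allowed = "authorization" not in req or any(
            d in cc for d in ("public", "s-maxage", "must-revalidate"))
        if allowed and "no-store" not in cc and "private" not in cc:
            self.vary[url] = resp.get("vary", "")
            self.store[variant_key(url, req, self.vary[url])] = body
        return "MISS", body

def make_origin(send_vary):
    """Constructed origin: one URL, public page if anonymous, personal page otherwise."""
    def origin(url, req):
        headers = {"Vary": "Authorization"} if send_vary else {}
        body = "personal page" if "authorization" in req else "public page"
        return headers, body
    return origin

def demo(send_vary):
    """Anonymous request, then authenticated, then anonymous again, same URL."""
    cache = SharedCache(make_origin(send_vary))
    cred = {"Authorization": "Basic constructed-placeholder"}  # constructed value
    return (cache.fetch("/report", {}),
            cache.fetch("/report", cred),
            cache.fetch("/report", {}))

if __name__ == "__main__":
    print("no Vary:            ", demo(False))
    print("Vary: Authorization:", demo(True))
```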