Hello, I've found something concerning this topic in the FAQ and now just want to make sure I've understood this correctly... I want to use squid in front of a CMS. The CMS manages "login information" via cookies, so whenever a user has logged in to the CMS all HTTP requests contain a header field "Cookie: login=foobar" (of course encyrpted in some way). Anonymous users don't send such a cookie... Whenever a logged in user visits a document she gets a lot of additional buttons and links to edit this document. Anonymous users use the same URL to view the document, but of course will not see the edit-features. Because the CMS is not the fastest one, I want to cache all responses for a certain amount of time (even for the logged in users, because they in fact very seldom modify content). The problem has been to ensure, that anonymous users will not see the pages with the "edit-features", and that logged in users will always see their edit-features (there are even different edit-features per user). I've solved it by setting the "Expires: " header to some minutes in the future and the header "Vary: Cookie" in all responses that should be cacheable. As I have understood the "Vary" mechanism, a cache first looks at the URL of an object. Whenever it finds an entry in its cache, it looks, whether all request-headers (specified by the value of the original "Vary" header) of the original request (that caused the object to be stored in the cache) match the values of the corresponding request headers of the current request. If they match, the cache may return the cached version, if they don't, the cache has to fetch a fresh copy from the origin server. So in fact a cache uses the tuple (URL, getRequestHeaders_specified_by_Vary-header_of_stored_objects) to find a valid copy of the object in the cache. Is this true? Will my cache work like expected? Thanks and best regards -Stefan-
