On Tue, 6 Feb 2007, Mark Nottingham wrote:
[snipped description of problem in which Squid appears to be caching
302 redirects with "pre-expired" Expires: header and then serving them
in response to subsequent requests, breaking the authentication
service used by many web servers around the university and smaller
numbers elsewhere.]
Hi John,
Just curious -- have you tried using workarounds like
Cache-Control: max-age=0
or
Cache-Control: no-cache
to see how they behave?
No - I'm not responsible for the authentication software, only for our web
cache, and that hasn't been tried - but unless we've misunderstood what
the HTTP specification says about how the Expires: header should be used
by caches, adding Cache-Control: shouldn't be necessary as the Expires
headers should (in the problem case) just be asserting explicitly the
default non-cacheability of redirects...
Simply omitting the Expires: header appears to avoid the problem, which
also seems to confirm the problem is with Squid caching and then serving
explicitly pre-expired redirects - though that's not an instant solution
for the problem, just as a fixed version of Squid would not be an instant
solution, since in both cases having a fixed version available is much
easier than getting it installed in all the relevant places.
John
--
John Line - web & news development, University of Cambridge Computing Service
