I've been racking my brain trying to figure this out so I'm asking the
community here. I'm using Squid 3.0-STABLE12 as a reverse proxy on Linux.
Here's the scenario:
An anonymous user visits my site, http://www.mysite.com/ and can browse
around just fine. As they browse around, Squid caches the pages which
are generated by a PHP-based web app. We're using these Cache-Control
headers to control the content caching:
Cache-Control: public, must-revalidate, max-age=0, s-maxage=10800
Ok, on all the pages there is a "sign-in" link they can click to sign in
to the site. When they click the "sign-in" link to sign in, we switch
to HTTPS to make sure the userid/password are sent securely. Once they
are signed in, they are returned back to the regular site using HTTP but
we set a cookie to signal the user is signed in. At this point, we DO
NOT want to cache the pages since the user is signed in. This is where
the issue arises.
After signing in to the site, the user gets the *cached* version of the
page they were on instead of the page which reflects they are now signed
in to the site. After the user signs in to the site, we send this
Cache-Control header to prevent caching of the pages after the user is
signed in:
Cache-Control: private, must-revalidate, no-cache, no-store, max-age=0,
s-maxage=0
The goal we are after is to have Squid cache pages for anonymous users
ONLY and NOT cache pages for signed in users.
Is this possible? If so, what am I missing to accomplish this?
Thanks!
Peace...
Tom
