[...] >> negotiation (this is what they call it in the specs) is a request header based >> concept. The only request header >> available for negotiation is the cookie header. I am not getting the point why that is such >> a "very bad idea (tm)"? >No, the bottom line is that using the same URL for personalized and >anonymous content do not work if rendered by the web server, as HTTP do >not support such split in a reasonable manner. [...] >but Cookie is kind of a kitchen sink with lots of crap getting >into it making the variance in Cookie headers large even for anonymous >access on most sites. Caching of urls like this can only work if you >design the site such that only authenticated sessions have some form of >cookie and anonymous / logged out users have absolutely no cookies at >all (or at least none which varies with the user, to tracking cookies, >no stale session cookies) >Regards >Henrik Agreed. Thanks - i think i got the point now. In that special case i am lucky. We do not use cookies - except for session-handling. And moreover we do not want to cache personalized content. So i can easily add a "no-cache" header in the Apache whenever the user requestes a ressource with a cookie header. Yes - and i have to deal with unsetting stale session-cookies. Regards and thanX for your help achim
