Re: [SQU] Cookies and always_direct

From: Henrik Nordstrom <[email protected]>
Date: Sat, 26 Aug 2000 01:35:57 +0200

Chris Conn wrote:

> I have been trying to see in the past posts if cookies are cached or not
> cached by Squid. Can someone give me the final answer on this one? I
> have customers that tell me they cannot access a site because it tells
> them they don't have cookies enabled, and the web provider told me it
> was due to Squid sending them the same cookie...

Squid implements the original Netscape documentation on how cookies
should be handled by proxies. That is that the page where the set-cookie
header was seen might be cached, but the set-cookie header must not be
sent on cache hits. What this means is that cache hits does not carry a
cookie.

If you see a Set-Cookie: header on a cache hit then you have found a bug
in Squid.

To see if this is the case you can enable log_mime_hdrs in squid.conf.

Also note the obvious: If JavaScript is used to set the cookie then it
might be served from cache unless the page carries the proper
cache-control headers, just as any other HTML content.

On the todo is to rewrite Squid to implement caching of cookies as per
the current specifications for "HTTP State Management Mechanism"
(RFC2109 and the updated draft of the same document). Due to Squids
partial HTTP/1.1 implementation the non-caching methods discussed there
are already supported. What is not supported yet in Squid is allowing
cookies to be cached when told they are cacheable.

--
Henrik Nordstrom
Squid hacker
--
To unsubscribe, see http://www.squid-cache.org/mailing-lists.html
Received on Fri Aug 25 2000 - 17:43:12 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:55:05 MST