[squid-users] Re: squid reverse proxy caching session id?

From: Oliver Schoett <[email protected]>
Date: Tue, 21 Aug 2007 09:33:42 +0200

Amos Jeffries wrote:
> With squid its better to pass [the session id] as a cookie (which apparently gets
> stripped from any cached objects).
>

Not so sure about that. If you use URL rewriting, an URL like

   http://x.y/app/showUserProfile;jsessionid=NNNN

works fine for several users, because they are distinguished by their
jsessionid. If the jsessionid is passed in a cookie instead, all users
fetch the same URL

   http://x.y/app/showUserProfile

and might end up seeing each other's profiles when squid caches this URL.

Regards,

Oliver Schoett
Received on Tue Aug 21 2007 - 01:34:01 MDT

This archive was generated by hypermail pre-2.1.9 : Sat Sep 01 2007 - 12:00:03 MDT