Re: [squid-users] set-cookie header and rfc2109

From: Mark Nottingham <mnot_at_yahoo-inc.com>
Date: Thu, 20 May 2010 20:05:56 +1000

Note that there really isn't any specification that describes how cookies actually work in the wild. Hopefully that will change soon, thanks to <https://datatracker.ietf.org/wg/httpstate/charter/>.

Cheers,

On 20/05/2010, at 4:50 PM, Angelo H�ngens wrote:

> On 20-5-2010 8:22, Henrik Nordstr�m wrote:
>> ons 2010-05-19 klockan 22:22 +0200 skrev Angelo H�ngens:
>>
>>> http://wiki.squid-cache.org/SquidFaq/InnerWorkings
>>>
>>> "The proper way to deal with Set-Cookie reply headers, according to RFC
>>> 2109 is to cache the whole object, EXCEPT the Set-Cookie header lines."
>>
>> Wrong reference.
>>
>> This is from the original Netscape Cookie specification. At that time
>> Cache-Control did not exists.
>
> So if I understand you correctly, squid follows the behaviour dictated
> in the Netscape Cookie Specification (undated), which says set-cookie
> headers should never be cached. However, that was superseded by rfc2109
> (1997), which says they should be cached unless told not to.
>
> So by that reasoning, I would say Squid does not follow rfc. Not that I
> care that much, but perhaps it would warrant an update in the
> documentation or the faq page?
>
> --
>
>
> With kind regards,
>
>
> Angelo H�ngens
> systems administrator
>
> MCSE on Windows 2003
> MCSE on Windows 2000
> MS Small Business Specialist
> ------------------------------------------
> NetMatch
> tourism internet software solutions
>
> Ringbaan Oost 2b
> 5013 CA Tilburg
> +31 (0)13 5811088
> +31 (0)13 5821239
>
> A.Hongens_at_netmatch.nl
> www.netmatch.nl
> ------------------------------------------
>
>

--
Mark Nottingham       mnot_at_yahoo-inc.com
Received on Thu May 20 2010 - 10:07:26 MDT

This archive was generated by hypermail 2.2.0 : Thu May 20 2010 - 12:00:06 MDT