On 23 Jun 2003, David Nicklay wrote:
> I did a check on this, and squid seems to be dropping the Set-Cookie
> lines, but it doesn't otherwise.
Yes, this is indeed hardcoded in the Squid sources due to the original
Netscape Cookie specification where it is/was specified that caches must
not cache the Set-Cookie header.
Later specifications changes this so that servers must indicate via
Cache-Control if the Set-Cookie header should not be cached, but we have
not yet changed Squid. It is a little sensitive matter as cookies may
contain private information and not many webservers know about
cache-control.
The same is not done on Set-Cookie2 as there the specification is clear
and refers to Cache-Control for cache control from day 1 eleminating the
need for any such hacks, plus that the Squid developers has not really
noticed there is a Set-Cookie2 header..
Regards
Henrik
Received on Mon Jun 23 2003 - 17:36:58 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:20:09 MST