I've done extensive testing with recent versions of Squid, and can say
authoritatively that they do not cache pages with HTTP authentication.
If you can reproduce the behavior in a 'clean' environment (you see the
activity, you can confirm that the browser hasn't previously requested the
objects in the same session, you can confirm that the objects don't have the
headers mentioned), you might be on to something; it would be interesting to
find out what version of Squid were being used, as well as if there were any
other proxies in the path (the Squid might be using another proxy as a
parent).
Otherwise, I'd tend to think it was just a misperception/false report by the
user; they aren't generally reliable, doubly so with salespeople ;-)
If you can give me the URL of the site and a test user/pass pair, I'll be
happy to test it with a few different caches...
> -----Original Message-----
> From: Simon Austin [mailto:simona@computerwire.com]
> Sent: Thursday, February 11, 1999 11:50 AM
> To: Nottingham, Mark (Australia); squid-users@ircache.net
> Subject: RE: Small question about the caching of password protected
> pages
>
>
> At 05:49 PM 2/10/99 -0500, Nottingham, Mark (Australia) wrote:
> >Squid does not cache pages that are HTTP authenticated, unless a
> >Cache-Control: public header is returned with the response
> (the web site
> >would have to do this specifically). If they're using
> another authentication
> >mechanism, it's perfectly possible the pages are being cached, albiet
> >unlikely (they'd have to generate validators, Expires times
> or similar for
> >the objects as they're served).
> >
> >This assumes Squid 2.x; Squid 1.x behaves in a similar
> manner, AFAIK, except
> >I don't know offhand whether it will honor a Cache-Control: public
> >directive.
> >
> >A much more likely explanation is that someone had used the
> browser to
> >access the site in the same session.
>
> Possible, but I was told the person had never heard of us or
> accessed us
> before. There are no accesses in the logs from the time of the demo to
> indicate that the pages had been retrieved from our server
> either - which
> made me think of caches, and it was only then I found out the
> company where
> the demo was done uses Squid. It's possible that the sales
> person has told
> me the wrong information, and I'll go back and check it with
> them, but can
> someone confirm for certain that squid doesn't cache
> authenticated pages
> rather than that it isn't supposed to?
>
> - Si
>
Received on Wed Feb 10 1999 - 18:14:30 MST
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:44:30 MST