- From: Shel Kaphan <sjk@amazon.com>
- Date: Tue, 20 Feb 1996 08:36:21 -0800
- To: Shel Kaphan <sjk@amazon.com>
- Cc: "David W. Morris" <dwm@shell.portal.com>, HTTP Caching Subgroup <http-caching@pa.dec.com>
Shel Kaphan writes: > You don't have to stretch too far. If you write a server application > where a user who does not already have a cookie for that server is > given a new cookie when they go to the home page on that server, then > this situation applies. You set the home page up as cachable but > stale so that it doesn't have to be re-fetched each time, just > revalidated, and along with the 304 response, the server sends a > set-cookie header particular to that new user. (It might have a user > account number in it, for instance). > > --Shel Sorry. If the user already has a cookie and it is sent with the request for the home page, the application doesn't need to send a set-cookie with its response. You definitely don't want someone else's cookie from the cache. It's just safer not to put them into caches in the first place.
Received on Tuesday, 20 February 1996 16:59:44 UTC