W3C home > Mailing lists > Public > http-caching-historical@w3.org > February 1996

Re: "Cache-control: no-cache", "Cache-control: private", and , extensibility

From: Shel Kaphan <sjk@amazon.com>
Date: Tue, 20 Feb 1996 08:36:21 -0800
Message-Id: <199602201636.IAA01514@bert.amazon.com>
To: Shel Kaphan <sjk@amazon.com>
Cc: "David W. Morris" <dwm@shell.portal.com>, HTTP Caching Subgroup <http-caching@pa.dec.com>
Shel Kaphan writes:
 > You don't have to stretch too far.  If you write a server application
 > where a user who does not already have a cookie for that server is
 > given a new cookie when they go to the home page on that server, then
 > this situation applies.  You set the home page up as cachable but
 > stale so that it doesn't have to be re-fetched each time, just
 > revalidated, and along with the 304 response, the server sends a
 > set-cookie header particular to that new user.  (It might have a user
 > account number in it, for instance).
 > --Shel

Sorry.  If the user already has a cookie and it is sent with the
request for the home page, the application doesn't need to send a
set-cookie with its response.  You definitely don't want someone
else's cookie from the cache.  

It's just safer not to put them into caches in the first place.
Received on Tuesday, 20 February 1996 16:59:44 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 19:55:57 UTC