W3C home > Mailing lists > Public > public-webapps@w3.org > January to March 2010

Re: [XHR2] AnonXMLHttpRequest()

From: Thomas Broyer <t.broyer@gmail.com>
Date: Fri, 5 Feb 2010 00:07:15 +0100
Message-ID: <a9699fd21002041507y62897260h8236ad922c968919@mail.gmail.com>
To: Tyler Close <tyler.close@gmail.com>
Cc: Maciej Stachowiak <mjs@apple.com>, WebApps WG <public-webapps@w3.org>
On Thu, Feb 4, 2010 at 11:05 PM, Tyler Close <tyler.close@gmail.com> wrote:
> On Wed, Feb 3, 2010 at 2:34 PM, Maciej Stachowiak <mjs@apple.com> wrote:
>> I don't think I've ever seen a Web server send "Vary: Cookie". I don't know offhand if they consistently send enough cache control headers to prevent caching across users.
>
> I've been doing a little poking around. Wikipedia sends "Vary:
> Cookie". Wikipedia additionally uses "Cache-Control: private", as do
> some other sites I checked. Other sites seem to be relying on
> revalidation of cached entries by making them already expired.

FWIW, Django also sends "Vary: Cookie" when using sessions (which
includes "form authentication" AFAICT):
http://code.djangoproject.com/browser/django/trunk/django/contrib/sessions/middleware.py

-- 
Thomas Broyer
/tɔ.ma.bʁwa.je/
Received on Thursday, 4 February 2010 23:08:08 GMT

This archive was generated by hypermail 2.3.1 : Tuesday, 26 March 2013 18:49:36 GMT