Joerg:
> I don't think you need to reset it, just sending the vary header
> should be enough?

I was able to try this, and it works fine! Adding the following line:

    fprintf(g.httpOut, "Vary: Cookie\r\n");

right after printing the ETag header in src/cgi.c (and also after printing the Last-Modified header, if not already printed after the ETag header) results in correct web page expiration after login and logout.

Using "user.cexpire" to calculate the ETag may give more fine-grained control, as for example a /uv page would not need a refresh if an unrelated cookie (for example, to set /timeline display options) were changed, but overall, the "Vary: Cookie" method may work well enough.

Also, with "Vary: Cookie", there may be issues with caching proxies, depending on whether they receive and evaluate all the cookies, but this may not be a problem for Fossil.

For clients that do not understand or support "Vary: Cookie", I would still suggest performing the Last-Modified checks only if no ETag was included with the request (so that ETag misses cannot be outdone by Last-Modified hits).

--Florian

_______________________________________________
fossil-users mailing list
fossil-users@lists.fossil-scm.org
http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users
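
The precedence rule suggested in the message above (consult Last-Modified only when the request carried no ETag), together with the "Vary: Cookie" placement, as an added example that is not part of the original message and is not Fossil's code. The names cond_req, etag_in_list, not_modified and emit_validators are hypothetical, and the dates are assumed to be already parsed into time_t.

```c
#include <stdio.h>
#include <string.h>
#include <time.h>

/* Hypothetical model of a conditional request; not Fossil's own structures. */
struct cond_req {
  const char *if_none_match;  /* raw If-None-Match value, NULL when absent */
  time_t if_modified_since;   /* parsed If-Modified-Since, 0 when absent */
};

/* Weak comparison of one quoted ETag against a comma-separated
** If-None-Match list. "*" matches anything; a "W/" prefix is ignored.
** The etag argument includes its double quotes. */
static int etag_in_list(const char *list, const char *etag){
  size_t n = strlen(etag);
  while( *list ){
    while( *list==' ' || *list=='\t' || *list==',' ) list++;
    if( *list=='*' ) return 1;
    if( strncmp(list, "W/", 2)==0 ) list += 2;
    if( strncmp(list, etag, n)==0
     && (list[n]==0 || list[n]==',' || list[n]==' ' || list[n]=='\t') ){
      return 1;
    }
    while( *list && *list!=',' ) list++;  /* skip to the next list entry */
  }
  return 0;
}

/* Return 1 when "304 Not Modified" may be sent, 0 when the full page
** must be sent. A supplied ETag decides alone, so an ETag miss is
** never overridden by a Last-Modified hit. */
int not_modified(const struct cond_req *rq, const char *etag, time_t mtime){
  if( rq->if_none_match ) return etag_in_list(rq->if_none_match, etag);
  if( rq->if_modified_since ) return mtime <= rq->if_modified_since;
  return 0;
}

/* Write the validator headers with "Vary: Cookie" directly after them,
** so a cache keys the stored page on the Cookie request header. */
int emit_validators(char *buf, size_t n, const char *etag, const char *lastmod){
  return snprintf(buf, n,
      "ETag: %s\r\nLast-Modified: %s\r\nVary: Cookie\r\n", etag, lastmod);
}
```
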