On 11/07/2005 09:48 PM, Graham Leggett wrote:
> Ruediger Pluem wrote:
>
>> I agree that there are many situations where it does not make sense to
>> cache things under access control, but there are ones where it makes
>> sense.
>>
>> e.g. If you create a forward proxy with httpd that should use caching
>> and that only a limited number of clients on your LAN should be able
>> to use.
>
>
> Forward proxies using access control use the Proxy-Authenticate header,
> which is entirely different access control to the WWW-Authenticate
> header used in normal access control. The Cache-Control: private header
> would not apply in this case.

This is often done via IP addresses and not via username/password.
And this is what I think is the real pain and complaint: It does not work
with IP based access controls. Setting Cache-Control: private is just not
what you want here, because this would prevent caching in this case.

BTW: RFC2616 says in 14.9.1:

   private
      Indicates that all or part of the response message is intended for
      a single user and MUST NOT be cached by a shared cache. This
      allows an origin server to state that the specified parts of the
      response are intended for only one user and are not a valid
      response for requests by other users. A private (non-shared) cache
      MAY cache the response.

It talks about *single* users. The problems we are facing here are *groups* of
users. So the cache is a shared cache for this group of users in this case.

Regards

Rüdiger
[..cut..]