On Mon, Oct 03, 2011 at 05:13:35PM +0100, Ben Summers wrote: > Might be best to also add in 'private' > > Cache-Control: private, no-cache > > for a more explicit description of the intent of only showing content to the > user who requested it.
That's wrong. It should have a Vary header to restrict it to the session cookie. Joerg _______________________________________________ fossil-users mailing list fossil-users@lists.fossil-scm.org http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users
