On Fri, May 18, 2018 at 08:39:15AM +0200, Florian Balmer wrote: > Also, with "Vary: Cookie", there may be issues with caching proxies, > depending on whether they receive and evaluate all the cookies, but this > may not be a problem for Fossil.
Such a proxy would be pretty broken. It has to parse the request to find the URL already and the header will tell it the client cookie. Varying on cookies is also one of the most common instances. > For clients that do not understand or support "Vary: Cookie", I would still > suggest to perform the Last-Modified checks only if no ETag was included > with the request (so that ETag misses can not be outdone by Last-Modified > hits). Again, such a client is pretty much broken already under the caching model. But it would likely not care about the login details in that case. Joerg _______________________________________________ fossil-users mailing list fossil-users@lists.fossil-scm.org http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users
