Yes, I am setting a cookie. The session leakage problem is interesting. I have a question though, does the Expires header have precedence over the LastModified/ETag headers? I would like to use the LastModified/ETag headers to implement conditional GET, are you sure that ETag has precedence over the Expires header? (I am using cache-control: private)
btw, thanks for the answer. -g. On Mar 1, 8:39 pm, "Ikai L (Google)" <[email protected]> wrote: > Are you setting a cookie? We force an expires header for any requests that > have a set-cookie header. The reason for this is that many users access > websites using HTTP proxies. Some proxies will cache the entire request, > which may cause session leak (e.g. let you read someone else's email). > > On Mon, Mar 1, 2010 at 7:09 AM, George Moschovitis < > > > > > > [email protected]> wrote: > > I don NOT want to set an Expires header. I am just curious with the > > header is added (and messes up with my caching scheme) > > > -g. > > > > Well, if you do not like what GAE sets as Expires value, why not set > > > yours? > > > > On Mar 1, 11:18 am, George Moschovitis <[email protected]> > > > wrote: > > > > > > Could you provide some code please? > > > > > What kind of code should I provide? I do NOT set the Expires header in > > > > my code, and still GAE automatically adds the Expires header. > > > > > -g. > > > -- > > You received this message because you are subscribed to the Google Groups > > "Google App Engine for Java" group. > > To post to this group, send email to > > [email protected]. > > To unsubscribe from this group, send email to > > [email protected]<google-appengine-java%2B > > [email protected]> > > . > > For more options, visit this group at > >http://groups.google.com/group/google-appengine-java?hl=en. > > -- > Ikai Lan > Developer Programs Engineer, Google App > Enginehttp://googleappengine.blogspot.com|http://twitter.com/app_engine -- You received this message because you are subscribed to the Google Groups "Google App Engine for Java" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/google-appengine-java?hl=en.
