Geoffrey Sneddon wrote:
>
> Now, the problem is how we avoid these cache control headers being
> sent. We don't actually send these ourselves, but they are actually
> sent by PHP's session extension upon calling session_start() (there
> are config options, session.cache_limiter and session.cache_expire,
> that alter what is sent). What we want to do is allow pages to be
> cached for a certain time (maybe 30 minutes, maybe less?) for
> non-authenticated users, and forbid caching for logged in users. As what
> gets returned for certain URLs varies upon the Cookie sent, we need to
> vary on the Cookie header. (We actually need this already, but because
> caching is not allowed, this isn't ever a problem.) If we vary on the
> Cookie header, we need all anon users to send the same Cookie header,
> to which the obvious solution, I think, is to not send cookies to anon
> users.

This will preclude the ability for anonymous users to be associated to session data. Posted form results may eventually become (if they're not already) inseparable from the necessity of a user to maintain a session. That is, the form submission process would accept a POST request, set the result of the form processing into the session, and then redirect to a GET request of a resource that would display the form result from the session in addition to its own content. If anonymous users don't have sessions/cookies, then this is not possible.

Should a user not have a session (erg cookie) assigned until it must be? Is this possible? Is it helpful for caching?

Owen
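
The approach discussed in this thread, sketched as an added example that is not part of either message and is not Habari's code: a session is resumed only when the client already sends the session cookie, created on demand when a POST needs one, and the cache headers follow from that. The function names, the `/result` URL and the `form_result` key are hypothetical.

```php
<?php
// Added example: hypothetical helpers, not Habari code.
const ANON_MAX_AGE = 1800; // 30 minutes, the figure floated in the thread

function start_session_quietly(): void
{
    if (session_status() === PHP_SESSION_ACTIVE) {
        return;
    }
    // An empty limiter stops session_start() from sending its own cache headers.
    session_cache_limiter('');
    // Strict mode makes PHP reject a client-supplied id it never issued.
    ini_set('session.use_strict_mode', '1');
    session_start();
}

// Resume a session only if the client already presents the session cookie,
// so anonymous visitors are never sent a Set-Cookie header.
function resume_session_if_present(): bool
{
    if (!isset($_COOKIE[session_name()])) {
        return false;
    }
    start_session_quietly();
    return true;
}

function send_cache_headers(bool $has_session): void
{
    // The response depends on the cookie, so shared caches must key on it.
    header('Vary: Cookie');
    header($has_session
        ? 'Cache-Control: private, no-store'
        : 'Cache-Control: public, max-age=' . ANON_MAX_AGE);
}

$has_session = resume_session_if_present();

if (($_SERVER['REQUEST_METHOD'] ?? 'GET') === 'POST') {
    // The form result has to survive the redirect, so the session is created
    // here, the first point at which the visitor actually needs one.
    start_session_quietly();
    $_SESSION['form_result'] = 'saved'; // constructed sample value
    send_cache_headers(true);
    header('Location: /result', true, 303); // hypothetical result page
    exit;
}

send_cache_headers($has_session);
```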
