On Wed, Feb 3, 2010 at 2:34 PM, Maciej Stachowiak <[email protected]> wrote: > I don't think I've ever seen a Web server send "Vary: Cookie". I don't know > offhand if they consistently send enough cache control headers to prevent > caching across users.
I've been doing a little poking around. Wikipedia sends "Vary: Cookie". Wikipedia additionally uses "Cache-Control: private", as do some other sites I checked. Other sites seem to be relying on revalidation of cached entries by making them already expired. --Tyler -- "Waterken News: Capability security on the Web" http://waterken.sourceforge.net/recent.html
