On 23 Jun 2003, David Nicklay wrote: > I did a check on this, and squid seems to be dropping the Set-Cookie > lines, but it doesn't otherwise.
Yes, this is indeed hardcoded in the Squid sources due to the original Netscape Cookie specification where it is/was specified that caches must not cache the Set-Cookie header. Later specifications changes this so that servers must indicate via Cache-Control if the Set-Cookie header should not be cached, but we have not yet changed Squid. It is a little sensitive matter as cookies may contain private information and not many webservers know about cache-control. The same is not done on Set-Cookie2 as there the specification is clear and refers to Cache-Control for cache control from day 1 eleminating the need for any such hacks, plus that the Squid developers has not really noticed there is a Set-Cookie2 header.. Regards Henrik
