httpd-users mailing list archives

From Nicholas Sherlock <n.sherl...@gmail.com>
Subject [users@httpd] Re: Caching is serving up the wrong user content to some users who log in.
Date Mon, 21 Jun 2010 21:17:55 GMT
On 22/06/2010 2:13 a.m., Presto, Patrick wrote:
> One of our larger portal applications
> has had reports of users logging in and getting other users' content

Your application is not sending Cache-Control: Private as it MUST in 
order to avoid caches at any level of the chain from caching your 
user-specific content. It's not just your caching server; there are ISPs 
that will cache your pages that have no caching directives too, exposing 
sessions to other users who use the same ISP. We saw it on our website 
until we added the correct directives to block caching.

Cheers,
Nicholas Sherlock


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
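
An added example (not part of the original message or of Apache httpd): a Python check for the condition the reply describes, flagging logged-in responses that a shared cache is permitted to store because they lack a bare `Cache-Control: private` or `no-store`. The function names are hypothetical and the paths and headers in `SAMPLE_RESPONSES` are constructed.

```python
import re

# Status codes HTTP defines as cacheable by default (RFC 7231, section 6.1):
# a cache may store these even when the response carries no caching headers.
HEURISTICALLY_CACHEABLE = {200, 203, 204, 206, 300, 301, 404, 405, 410, 414, 501}

_DIRECTIVE = re.compile(r'([A-Za-z0-9_-]+)\s*(?:=\s*("[^"]*"|[^,\s]*))?')


def parse_cache_control(value):
    """Map each directive (lower-cased) to its argument, or None if it has none."""
    return {name.lower(): (arg.strip('"') or None)
            for name, arg in _DIRECTIVE.findall(value or "")}


def shared_cache_may_store(status, headers):
    """True if a shared cache (reverse proxy, ISP proxy) is allowed to store this."""
    h = {k.lower(): v for k, v in headers.items()}
    cc = parse_cache_control(h.get("cache-control"))
    if "no-store" in cc:
        return False
    # Bare "private" forbids shared storage; private="Field" only strips the
    # named fields, so the body can still be stored and is treated as exposed.
    if "private" in cc and cc["private"] is None:
        return False
    explicit = any(d in cc for d in ("public", "s-maxage", "max-age")) or "expires" in h
    return explicit or status in HEURISTICALLY_CACHEABLE


def exposed_paths(responses):
    """Paths of user-specific responses that a shared cache may keep."""
    return [path for path, status, headers in responses
            if shared_cache_may_store(status, headers)]


# Constructed sample: responses to logged-in requests of a hypothetical portal.
SAMPLE_RESPONSES = [
    ("/portal/home", 200, {"Content-Type": "text/html"}),             # no directives
    ("/portal/inbox", 200, {"Cache-Control": "private, max-age=0"}),
    ("/portal/profile", 200, {"Cache-Control": "max-age=300"}),       # no private
    ("/portal/account", 200, {"Cache-Control": "no-store"}),
    ("/portal/report", 200, {"Cache-Control": 'private="Set-Cookie", max-age=60'}),
    ("/portal/logout", 302, {"Location": "/"}),
]

if __name__ == "__main__":
    for path in exposed_paths(SAMPLE_RESPONSES):
        print("cacheable by shared caches:", path)
```

The check does not look at `Vary`, so a response keyed on the session cookie is still reported.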

