[Catalyst] Re: Production session issue - commercial supportinquiry?

Aristotle Pagaltzis pagaltzis at gmx.de
Tue Jan 27 04:39:21 GMT 2009

* Matt Pitts <mpitts at a3its.com> [2009-01-27 04:50]:
> So, would something like the following prevent caches from
> poisoning cookie headers...?
> $c->req->header('Vary' => 'set-cookie');
> Or would you set against the request header...?
> $c->req->header('Vary' => 'cookie');

The latter. After all, the whole point of a proxy is that the
origin server isn’t sending a response, the proxy is. And at
the time when the proxy has to send a response, the only data
it can use to determine which variant to send is the client
request. So the origin server has to let intermediaries know
which *request* headers to use as hash keys for picking the
correct reponse, and that’s what the `Vary` response header

> Now, this I like! I was definitely suffering from close-
> mindedness on the cart design and would have never even thought
> of treating a Cart just like any other object your CRUDing and
> give it REST-like URLs.


Aristotle Pagaltzis // <http://plasmasturm.org/>

More information about the Catalyst mailing list