Re: [gatein-dev] Cache-Control - change it to be a per-portal configuration
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
On 01/20/2014 11:50 AM, Peter Palaga wrote:
Hi Juca,
> [...] the same URL yields different results [...]
One URL can also return distinct language versions of the page
depending on the visitor's preferences (not sure if these are
stored in a cookie or JCR). -- PP
Ok, so, another situation might be that one user gets a page in EN,
with the cache headers, and gets the cached version once he changes
to, say, ES. Not good, but not the end of the world as well, I guess.
The other scenario seems more critical to me, as a cached page might
leak some information from one user to another user.
But just a reminder: the default setting is still "no-cache", so, an
administrator would have to explicitly and actively set the value to a
caching value. Arguably, the administrator would be aware of such
cases (ie: web accelerator/cache between the server and the user,
pages in multiple languages, ...).
I guess the question than changes to: is it worth having this feature?
Or is the risk just too high for the benefit?
Juca.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
iQEcBAEBCgAGBQJS3Q1VAAoJECKM1e+fkPrXbyUIAIg/n8wICRYHmuqhu5VP1Rcz
wjWgsZwgOkAh9j2CygOuhtVOhAVsCunTGSRv/ZIvr+ElPU13/zU7uXwLo5vXHg9I
kJwa+361krKWqotNlwYwNL3SbAMj4+LCH5lMm15uJJ0WvlhHbbmOP0lQ/Xgd6on2
KnhPnSzP6p/y1cOaBgTn/7Jsi95BfAnKArKus4gfuYRvBjIknTLJlVhGSTNQYDCh
Ec8TkQjYS3uvUkRG61PLLVD7lOPF+cH0PNFDf3ncHPbJXeH4Louyox0sspZrXARE
6WHd+LGUNiJX0bS3cQFlm2EkHym6K8MbJblO2WJd2w97R1ZnR2CFDs8dIUoh41c=
=nYzl
-----END PGP SIGNATURE-----