Posted to users@httpd.apache.org by Arkadiusz Miśkiewicz <ar...@maven.pl> on 2009/10/30 20:57:38 UTC

[users@httpd] make mod_cache not cache cookies but cache contents from application side

Hi,

Is there a way to forbid caching cookies from application level (let's say php 
or mod_perl level) by mod_cache? I know a method via apache config but am trying 
to find one via application level. Of course I would like the rest (bodies) 
to be actually cached but not the cookies themselves.

mod_cache from 2.2.14 is doing crazy things like leaking user A's cookie to 
the user B, which for me is a serious security issue.

-- 
Arkadiusz Miśkiewicz        PLD/Linux Team
arekm / maven.pl            http://ftp.pld-linux.org/


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


[users@httpd] Re: make mod_cache not cache cookies but cache contents from application side

Posted by Arkadiusz Miśkiewicz <ar...@maven.pl>.
Igor Cicimov wrote:

> Also did you try setting the Cache header to no-cache on the application
> side for the cookies?

This will prevent caching anything. I would like only the cookies not to be 
cached, while the body of the request is actually cached.

-- 
Arkadiusz Miśkiewicz        PLD/Linux Team
arekm / maven.pl            http://ftp.pld-linux.org/




Re: [users@httpd] make mod_cache not cache cookies but cache contents from application side

Posted by Igor Cicimov <ic...@gmail.com>.
Also did you try setting the Cache header to no-cache on the application
side for the cookies?


2009/10/31 Igor Cicimov <ic...@gmail.com>

> Read the mod_cache directive on the apache site and you will find your
> answer
>
>
> 2009/10/31 Arkadiusz Miśkiewicz <ar...@maven.pl>
>
>>
>> Hi,
>>
>> Is there a way to forbid caching cookies from application level (let's say
>> php or mod_perl level) by mod_cache? I know a method via apache config but
>> am trying to find one via application level. Of course I would like the
>> rest (bodies) to be actually cached but not the cookies themselves.
>>
>> mod_cache from 2.2.14 is doing crazy things like leaking user A's cookie to
>> the user B, which for me is a serious security issue.
>>
>> --
>> Arkadiusz Miśkiewicz        PLD/Linux Team
>> arekm / maven.pl            http://ftp.pld-linux.org/
>>
>

Re: [users@httpd] make mod_cache not cache cookies but cache contents from application side

Posted by Igor Cicimov <ic...@gmail.com>.
Read the mod_cache directive on the apache site and you will find your
answer


2009/10/31 Arkadiusz Miśkiewicz <ar...@maven.pl>

>
> Hi,
>
> Is there a way to forbid caching cookies from application level (let's say
> php or mod_perl level) by mod_cache? I know a method via apache config but
> am trying to find one via application level. Of course I would like the rest
> (bodies) to be actually cached but not the cookies themselves.
>
> mod_cache from 2.2.14 is doing crazy things like leaking user A's cookie to
> the user B, which for me is a serious security issue.
>
> --
> Arkadiusz Miśkiewicz        PLD/Linux Team
> arekm / maven.pl            http://ftp.pld-linux.org/
>
>
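
The thread turns on the difference between an unqualified `Cache-Control: no-cache`, which applies to the whole response, and keeping only `Set-Cookie` out of a shared cache. HTTP also defines a field-qualified form, `no-cache="Set-Cookie"` (RFC 2616, section 14.9.1), and the Python check below classifies a response's headers accordingly. It is an added example, not part of the original thread or of mod_cache; the function names, category labels and sample responses are constructed, and whether a given mod_cache release honours the qualified form is an assumption to verify against that release's documentation.

```python
import re

def parse_headers(raw):
    """Map lowercased header names to value lists from a raw response head."""
    headers = {}
    for line in raw.strip().splitlines()[1:]:  # skip the status line
        name, sep, value = line.partition(":")
        if sep:
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers

def cache_directives(headers):
    """Parse Cache-Control into {directive: set of comma-separated argument tokens}."""
    found = {}
    pattern = r'([\w-]+)(?:=("[^"]*"|[^,\s]*))?'  # keeps quoted field lists whole
    for value in headers.get("cache-control", []):
        for name, arg in re.findall(pattern, value):
            fields = {f.strip().lower() for f in arg.strip('"').split(",") if f.strip()}
            found.setdefault(name.lower(), set()).update(fields)
    return found

def set_cookie_exposure(raw):
    """Classify how a shared cache may treat Set-Cookie in this response."""
    headers = parse_headers(raw)
    if "set-cookie" not in headers:
        return "no-set-cookie"
    cc = cache_directives(headers)
    if "no-store" in cc or ("private" in cc and not cc["private"]):
        return "not-stored"          # whole response kept out of shared caches
    for directive in ("no-cache", "private"):
        if "set-cookie" in cc.get(directive, ()):
            return "cookie-excluded"  # body cacheable, cookie field restricted
    if "no-cache" in cc and not cc["no-cache"]:
        return "revalidated"         # unqualified no-cache covers everything
    return "at-risk"                 # nothing stops a shared cache replaying the cookie

# Constructed sample responses (not captured from a real server).
SHARED = ("HTTP/1.1 200 OK\r\nCache-Control: max-age=3600\r\n"
          "Set-Cookie: session=CONSTRUCTED-A; path=/\r\n")
SCOPED = ("HTTP/1.1 200 OK\r\n"
          'Cache-Control: max-age=3600, no-cache="Set-Cookie"\r\n'
          "Set-Cookie: session=CONSTRUCTED-A; path=/\r\n")
WHOLE = ("HTTP/1.1 200 OK\r\nCache-Control: no-cache\r\n"
         "Set-Cookie: session=CONSTRUCTED-A; path=/\r\n")

if __name__ == "__main__":
    for label, raw in (("shared", SHARED), ("scoped", SCOPED), ("whole", WHOLE)):
        print(label, "->", set_cookie_exposure(raw))
```

Run against the response heads an application actually emits, any `at-risk` result marks a response where the cookie and the cacheable body travel together with no directive separating them.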