Skip to content
This repository

cookie Middleware should set Cache-Control header #411

Closed
bminer opened this Issue November 10, 2011 · 5 comments

3 participants

Blake Miner Jonathan Ong TJ Holowaychuk
Blake Miner

When cookies are sent back to the browser using a 'Set-Cookie' header, the cookie middleware should also set the 'Cache-Control' header to 'private', in most cases.

See http://code.google.com/speed/page-speed/docs/caching.html

TJ Holowaychuk
Collaborator

I'm only familiar with varnish, which by-design does not cache when cookies are present, looks like squid does similar

Blake Miner

Indeed. Google Chrome's audit tools also notifiy you when you don't explicitly say "Cache-Control: private" on responses that also contain a "Set-Cookie" header. What do you think about making this change?

TJ Holowaychuk
Collaborator

sounds fine to me

Jonathan Ong
Collaborator

won't really work right now because sessions always create a new one when one does not exist

Jonathan Ong jonathanong closed this February 08, 2014
Jonathan Ong
Collaborator

will no longer be relevant since the cookie parser is being removed in favor of https://github.com/jed/cookies. i'm -1 though since people are going to complain when they find out connect is messing with their cache.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Something went wrong with that request. Please try again.