Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Already on GitHub? Sign in to your account

cookie Middleware should set Cache-Control header #411

Closed
bminer opened this Issue Nov 11, 2011 · 5 comments

Comments

Projects
None yet
3 participants
Contributor

bminer commented Nov 11, 2011

When cookies are sent back to the browser using a 'Set-Cookie' header, the cookie middleware should also set the 'Cache-Control' header to 'private', in most cases.

See http://code.google.com/speed/page-speed/docs/caching.html

Member

tj commented Nov 11, 2011

I'm only familiar with varnish, which by-design does not cache when cookies are present, looks like squid does similar

Contributor

bminer commented Nov 11, 2011

Indeed. Google Chrome's audit tools also notifiy you when you don't explicitly say "Cache-Control: private" on responses that also contain a "Set-Cookie" header. What do you think about making this change?

Member

tj commented Nov 11, 2011

sounds fine to me

Contributor

jonathanong commented Nov 18, 2013

won't really work right now because sessions always create a new one when one does not exist

@jonathanong jonathanong was assigned Dec 4, 2013

Contributor

jonathanong commented Feb 8, 2014

will no longer be relevant since the cookie parser is being removed in favor of https://github.com/jed/cookies. i'm -1 though since people are going to complain when they find out connect is messing with their cache.

@jonathanong jonathanong closed this Feb 8, 2014

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment