jamanbo jamanbo wrote:
Thank you both for the information. I am still confused on the
fundamental issue though. Is it possible for a proxy to be effectively
invisible? I keep getting different answers from different people.

If I go to a.proxy.com which is proxying a.site.com then I expect that
a good browser will refuse to accept cookies in the .site.com domain.
But if it were possible to configure the proxy so that the browser
thought it was in the .site.com domain even though the url was
.proxy.com (which is what I thought a proxy essentially did) then the
cookies would be accepted, and people keep _suggesting_ to me that
this is possible (although nobody ever goes so far as to tell me what
I need to do with my config to achieve this!).

Can you put this question to rest for me once and for all?

Being sorry to stay in the domain of generalities, and not giving you a recipe, I would nevertheless think that if a proxy were to not pass unchanged the cookie headers from sites it proxies, then all these corporate users sitting behind proxying systems would never be able to buy a book from Amazon, would they? But I believe they can, can't they? (In fact, I am quite sure of that, because our own applications rely on cookies, and they are used constantly by corporate users sitting behind proxies). So I would think that the *normal* behaviour of a browser and of a proxy server should be to *not* play around with cookies. Contrary to what you say above, I would thus imagine that a browser that accesses a.site.com, even through a proxy, should accept a response (even physically from the proxy) containing a cookie for "a.site.com" or ".site.com", if such was the URL it requested in the first place. If it does not in some cases, then there must be some non-default parameter somewhere that prevents it.

In other words also, this would tend to indicate that server responses containing "Set-Cookie" headers should not be cacheable by proxies, because the cookie header may be different each time, even accessing the same URL. (Or, maybe the content is cached, but the HTTP headers cannot be).

Or maybe there is some sophisticated and obscure logic behind this stuff that I fail to grasp.


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
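
The browser-side check discussed in this thread, as an added example that is not part of either message: a simplified RFC 6265 domain-match showing that a cookie for .site.com is stored when the URL the browser requested is a.site.com (even through a forward proxy), but dropped when the URL host is a.proxy.com unless the proxy rewrites the Domain attribute. The function names and the sample header are constructed for illustration, and the public-suffix check real browsers also apply is omitted.

```python
import ipaddress

def is_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def domain_match(host, cookie_domain):
    """Simplified RFC 6265 section 5.1.3 domain-match."""
    host = host.lower().rstrip(".")
    cookie_domain = cookie_domain.lower().lstrip(".")
    if host == cookie_domain:
        return True
    # Suffix matching applies to host names only, never to IP addresses.
    return not is_ip(host) and host.endswith("." + cookie_domain)

def parse_set_cookie(header):
    """Split a Set-Cookie value into ("name=value", {attribute: value})."""
    pair, *attrs = [p.strip() for p in header.split(";") if p.strip()]
    parsed = {}
    for attr in attrs:
        key, _, val = attr.partition("=")
        parsed[key.strip().lower()] = val.strip()
    return pair, parsed

def browser_accepts(url_host, set_cookie):
    """Decide as a browser would, from the host in the URL it requested."""
    _, attrs = parse_set_cookie(set_cookie)
    domain = attrs.get("domain")
    # No Domain attribute: host-only cookie bound to url_host, always stored.
    return True if not domain else domain_match(url_host, domain)

def rewrite_cookie_domain(set_cookie, backend_domain, public_domain):
    """Rewrite Domain so the cookie matches the proxy's own URL host.
    Apache mod_proxy's ProxyPassReverseCookieDomain does this kind of rewrite.
    Attribute names come out lower-cased; they are case-insensitive."""
    pair, attrs = parse_set_cookie(set_cookie)
    out = [pair]
    for key, val in attrs.items():
        if key == "domain" and val.lstrip(".").lower() == backend_domain.lstrip("."):
            val = public_domain
        out.append(f"{key}={val}" if val else key)
    return "; ".join(out)

# Constructed sample header, as the backend a.site.com might send it.
SAMPLE = "session=abc123; Domain=.site.com; Path=/; HttpOnly"
```
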