I'm trying to configure mod_cache in Apache 2.2.17 to act as a transparent 
cache for an application server but I have
some special requirements whose overall purpose is to cache "public" access but 
bypass the cache when users are logged
in. I'm setting a cookie "NOCACHE=on" when the user logs in and checking for 
that cookie in Apache. For this to work
clients must always revalidate with the cache (to send the cookies).

My requirements are:

* Clients should always revalidate with the cache but NOT the application 
server unless a special cookie is set.
* If a page is in the Apache cache the cache should send 304, not the whole 
page.
* If user shift-refreshes the browser always revalidate with the application 
server.
* I can't use alternate domains, ssl or special paths or query strings for 
logged-in users because my application isn't
designed that way.

I'm been experimenting with different headers and cache options but so far I 
haven't found a solution that satisfies all
the requirements. Generally when I get one thing to work another breaks eg:

* The HTTP spec solution of using vary: Set-Cookie won't work because the 
application sets session cookies and you can't
pick one cookie out of the string.
* Using 'CacheIgnoreCacheControl on' allows the cache to work with no-cache 
headers but prevents shift-refresh from
hitting the application server.
* Setting max-age=0 or no-cache in headers with  'CacheIgnoreCacheControl off' 
causes the page to not cache in Apache at
all.
* Setting no-store with 'CacheStoreNoStore On' is pretty close but since the 
client wont store the page the cache is
sending the whole response body every time (not 304).

My vhost config:

====================
    # Expiry and cache-control

    # Set expires header
    ExpiresActive On
    ExpiresDefault "access plus 1 days"
    #ExpiresByType text/html "now"

    # Check for NOCACHE cookie sent by logged-in users and bypass the cache
    SetEnvIf Cookie "NOCACHE" no-cache
    Header set Cache-Control "no-cache" env=no-cache

    # Force all requests to re-validate so cookies are sent even when the 
browser has cached the page
    Header append Cache-Control "must-revalidate"

    # Don't cache cookie headers
    CacheIgnoreHeaders Set-Cookie

    # Enable disk cache
    CacheEnable disk /
    CacheDisable /images
    CacheDisable /styles
    CacheDisable /scripts
    CacheDisable /base
    CacheDisable /users
    CacheDisable /admin
    CacheRoot /var/cache/apache2

    # Various attempts to treat this cache differently to downstream caches
    #CacheStoreNoStore On
    #CacheIgnoreCacheControl on
    #CacheIgnoreNoLastMod On

    # Forward uncached requests to the application server
    RewriteEngine On
    RewriteCond %{REQUEST_FILENAME} !/[^/:]+\.[^/:]{2,5}$
    RewriteRule (.*) /index.cfm$1 [PT,L]
====================

Final thing, the Apache docs seem to use CacheStoreNo*Store* and 
CacheStoreNo*Cache* interchangeably. Is this an alias
or a typo? Which is correct?

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
   "   from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Reply via email to