summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorolavmrk <olavmrk@a716ebb1-153a-0410-b759-cfb97c6a1b53>2014-02-13 09:05:27 +0000
committerolavmrk <olavmrk@a716ebb1-153a-0410-b759-cfb97c6a1b53>2014-02-13 09:05:27 +0000
commit5866c803441f1940a573d0fa609533d561e8716c (patch)
treeb6dea7d08f86cbb5c82d3eb4ffe42c45363149bc
parentb88de1e3171d66de9003b9e13a4f060aa060766e (diff)
downloadmod_auth_mellon-5866c803441f1940a573d0fa609533d561e8716c.zip
mod_auth_mellon-5866c803441f1940a573d0fa609533d561e8716c.tar.gz
mod_auth_mellon-5866c803441f1940a573d0fa609533d561e8716c.tar.xz
Document caching logic in the README-file.
Thanks to Arthur Müller for providing this patch. git-svn-id: https://modmellon.googlecode.com/svn/trunk@224 a716ebb1-153a-0410-b759-cfb97c6a1b53
-rw-r--r--README37
1 files changed, 37 insertions, 0 deletions
diff --git a/README b/README
index 9064a99..78b5f3f 100644
--- a/README
+++ b/README
@@ -696,6 +696,43 @@ After you restart Apache to activate the new configuration, any POST
requests that trigger authentication should now be stored while the
user logs in.
+===========================================================================
+ Mellon & User Agent Caching behavior
+===========================================================================
+
+For each content within Apache Location enabled with "info" or "auth"
+mod_auth_mellon sends by default HTTP1.1 Cache-Control header with values
+"private, must-revalidate":
+
+- private-value protects content against caching by any proxy servers.
+- must-revalidate-value obligates user agent to revalidate maybe locally
+ cached or stored content each time on accessing location.
+
+This default behavior ensures that user agent never shows cached static
+HTML pages after logout without revalidationg. So that user couldn't be
+misleaded about malfunction of logout procedure. Revalidating content after
+logout leads to new authentication procedure via mellon.
+
+But mod_auth_mellon will never prohibit specifically any user agent to
+cache or store content locally, that have to be revalidated. So that during
+the session user agent only revalidates data by server 304-Not-Modified
+response and does not have to download content again.
+
+For special content types like images it could make sense to disable
+revalidation completely, so that user agent can provide cached and stored
+content directly to user. This can be achieved by using other Apache
+modules mod_headers and mod_setenvif. E.g. for PNG images:
+
+Using Apache 2.2 configuration options:
+
+ SetEnvIf Request_URI "\.png$" DISABLE_REVALIDATION
+ Header always unset Cache-Control env=DISABLE_REVALIDATION
+
+For Apache 2.4 exists shorter notation:
+
+ Header always unset Cache-Control expr=%{CONTENT_TYPE}==image/png
+
+Editing, appanding, overwriting headers is possible in other cases.
===========================================================================
Contributors