diff options
authorolavmrk <olavmrk@a716ebb1-153a-0410-b759-cfb97c6a1b53>2014-02-13 09:05:27 +0000
committerolavmrk <olavmrk@a716ebb1-153a-0410-b759-cfb97c6a1b53>2014-02-13 09:05:27 +0000
commit5866c803441f1940a573d0fa609533d561e8716c (patch)
parentb88de1e3171d66de9003b9e13a4f060aa060766e (diff)
Document caching logic in the README-file.
Thanks to Arthur Müller for providing this patch. git-svn-id: a716ebb1-153a-0410-b759-cfb97c6a1b53
1 files changed, 37 insertions, 0 deletions
diff --git a/README b/README
index 9064a99..78b5f3f 100644
--- a/README
+++ b/README
@@ -696,6 +696,43 @@ After you restart Apache to activate the new configuration, any POST
requests that trigger authentication should now be stored while the
user logs in.
+ Mellon & User Agent Caching behavior
+For each content within Apache Location enabled with "info" or "auth"
+mod_auth_mellon sends by default HTTP1.1 Cache-Control header with values
+"private, must-revalidate":
+- private-value protects content against caching by any proxy servers.
+- must-revalidate-value obligates user agent to revalidate maybe locally
+ cached or stored content each time on accessing location.
+This default behavior ensures that user agent never shows cached static
+HTML pages after logout without revalidationg. So that user couldn't be
+misleaded about malfunction of logout procedure. Revalidating content after
+logout leads to new authentication procedure via mellon.
+But mod_auth_mellon will never prohibit specifically any user agent to
+cache or store content locally, that have to be revalidated. So that during
+the session user agent only revalidates data by server 304-Not-Modified
+response and does not have to download content again.
+For special content types like images it could make sense to disable
+revalidation completely, so that user agent can provide cached and stored
+content directly to user. This can be achieved by using other Apache
+modules mod_headers and mod_setenvif. E.g. for PNG images:
+Using Apache 2.2 configuration options:
+ SetEnvIf Request_URI "\.png$" DISABLE_REVALIDATION
+ Header always unset Cache-Control env=DISABLE_REVALIDATION
+For Apache 2.4 exists shorter notation:
+ Header always unset Cache-Control expr=%{CONTENT_TYPE}==image/png
+Editing, appanding, overwriting headers is possible in other cases.