I'm looking at authentication state to pass from click-to-click.
In this case, documents better darn well NOT be cached in such a way
that someone else (unathenticated or unauthorized) can get them.
But you know this.
What we're talking about now is putting state info into the
URL instead of in the HTTP headers like this
such that the server can set PATH_INFO to "state;blah;blah"
for the fronting CGI script to utilize. With the cheaper Netsite
(my employer; not UA) we're running, this works. More importantly
it works for the majority of browsers. It's not as pretty as I
would like, but it's functional. I actually prefer it for some
other applications (from a former life). The only downside as far
as the implementation goes is that the server doesn't automagically
parse on the first semi-colon.
This method gets the desired results from the proxies.
-- Rick Troth <email@example.com>, Houston, Texas, USA http://ua1vm.ua.edu/~troth/