Hello,

I'm considering using an HTTP cache in front of a web application I'm developing. I'd operate the cache as a transparent proxy to cache dynamic resources that are only accessible via authentication (with Vary: Authorization header set, so each user's version is cached separately). What a user can and can't see depends on permissions configured for that user in the web application, and permissions can change over time. Authentication is handled only by the web application.

From what I've read Apache TS would fit this scenario perfectly, but there is an open question I could not find an answer for: If a user's permission to see a resource is revoked in the web application, that resource is still cached until it becomes stale, so it is still visible. So that change in permissions is not in effect as long as the resource is still considered fresh by the cache.

However, because the web application knows when a user's permissions change, it could simply tell the cache to invalidate (evict) all resources in the cache that match the user's authorization header. So is there a way to programmatically (e.g. HTTP service call, etc.) evict all resources matching an Authorization header?

Kind regards,
Uwe
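
The staleness window and the per-credential eviction described in the message above, modelled as an added example that is not part of the original post and is not Apache Traffic Server's API. `VaryAuthCache`, `evict_by_authorization`, the `origin` function and the token are hypothetical names constructed for illustration.

```python
import hashlib
import time


class VaryAuthCache:
    """Toy cache: one variant per (URL, Authorization value), fixed TTL."""

    def __init__(self, origin, ttl=300, clock=time.monotonic):
        self.origin, self.ttl, self.clock = origin, ttl, clock
        self.entries = {}   # (url, auth_digest) -> (expires_at, body)
        self.by_auth = {}   # auth_digest -> set of cache keys (eviction index)

    @staticmethod
    def _digest(authorization):
        # Index by a hash so the cache does not keep raw credentials around.
        return hashlib.sha256(authorization.encode()).hexdigest()

    def get(self, url, authorization):
        key = (url, self._digest(authorization))
        hit = self.entries.get(key)
        if hit and hit[0] > self.clock():
            return hit[1]                       # fresh: origin is not consulted
        status, body = self.origin(url, authorization)
        if status == 200:                       # only cache successful responses
            self.entries[key] = (self.clock() + self.ttl, body)
            self.by_auth.setdefault(key[1], set()).add(key)
        else:
            self.entries.pop(key, None)
        return body

    def evict_by_authorization(self, authorization):
        """Drop every variant stored for this Authorization value."""
        keys = self.by_auth.pop(self._digest(authorization), set())
        for key in keys:
            self.entries.pop(key, None)
        return len(keys)


# Constructed sample origin: a permission table the application can change.
ALLOWED = {"Bearer alice-token": {"/report"}}

def origin(url, authorization):
    if url in ALLOWED.get(authorization, set()):
        return 200, "secret report"
    return 403, "forbidden"
```

The secondary index keyed by a digest of the Authorization value is what makes eviction for one user a direct lookup instead of a scan over every cached object.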
