I have some feedback regarding the Cookie Section.
Note that this algorithm requires storing the cookies from the associated request with each response.
In Firefox we currently store a hash of the Cookie header instead of the actual cookie value in order to deal with Vary: Cookie.
This is because the cookies could be large in size, and because we don't want potentially sensitive information contained in cookies to be persisted in the HTTP cache.
So I think you can implement the algorithm without storing the actual cookies in the response.
I'm also wondering if this section should mention that the response may include a Set-Cookie header with one of the indices.
I don't think anything special would need to happen, apart from this immediately invalidating the cache entry.
I have some feedback regarding the Cookie Section.
In Firefox we currently store a hash of the Cookie header instead of the actual cookie value in order to deal with Vary: Cookie.
This is because the cookies could be large in size, and because we don't want potentially sensitive information contained in cookies to be persisted in the HTTP cache.
So I think you can implement the algorithm without storing the actual cookies in the response.
I'm also wondering if this section should mention that the response may include a
Set-Cookieheader with one of the indices.I don't think anything special would need to happen, apart from this immediately invalidating the cache entry.