It's possible to use user authentication in an if-modified-since request,
yes? If so then the following should work:
C: "Is this user/pass combo allowed to have this document?"
S: "Yes."
or
S: "No." connection closed.
C: "Has it been changed?"
S: "Yes, here it is." ...document....
S: "No." connection closed.
I see lots of 304's in my access logs with user names attached so I know
some browser out there is doing this right....
With local caching the only problem is if there's data in the
user-authenticated pages you don't want others to see (which is probably
true if it's under authentication in the first place), which makes the
security of the cache itself an issue. Hmmm.
Brian