- From: Jeffrey Mogul <mogul@pa.dec.com>
- Date: Thu, 11 Apr 96 15:46:33 MDT
- To: "Roy T. Fielding" <fielding@avron.ICS.UCI.EDU>
- Cc: http-caching@pa.dec.com
> The difference between "max-age=0" and "must-revalidate" for caches
> that play by the transparency rules is that, if revalidation fails
> because of network failure:
>
> - with "max-age=0", you return a stale 200 (OK) response with a
> warning header attached
>
> - with "must-revalidate", you return a 5xx error response
>
> So must-revalidate is more than just "really really max-age=0".
>
> Speaking in road-sign metaphors, "max-age=0" means "speed limit 50
> Km/h", while "must-revalidate" means "WARNING: sharp turn: safe
> maximal speed 50 Km/h". If you ignore the first, you only sin against
> community standards. If you ignore the second, you end up upside down
> besides the road.
That is a better description and justification -- it should be included
in the specification. I can live with must-revalidate if it implies
derailment.
Here is the language that I have now:
If a cache returns a stale response, either because of a max-stale
directive on a request, or because the cache is configured to
override the expiration time of a response, the cache MUST
attach a Warning header to the stale response, using Warning 10
(Response is stale).
and
Because a cache may be configured to ignore a server's specified
expiration time, and because a client request may include a max-stale
directive, which has a similar effect, the protocol also includes a
mechanism for the origin server to require revalidation of a cache
entry on any subsequent use. When the ``must-revalidate'' directive
is present in a response received by a cache, that cache MUST NOT use
the value to respond to a subsequent request without first
revalidating it with the origin server. (I.e., the cache must do an
end-to-end revalidation every time.)
The ``must-revalidate'' directive is necessary to support reliable
operation for cookies and certain other protocol features. In all
circumstances an HTTP/1.1 cache MUST obey the ``must-revalidate''
directive; in particular, if the cache cannot reach the origin server
for any reason, it MUST generate a 504 (Gateway Timeout) response.
Note that HTTP/1.0 caches will ignore this directive.
The ``must-revalidate'' directive is semantically equivalent to
the ``max-age=0'' directive, except that it overrides all other
expiration mechanisms and configuration parameters.
Servers should send the ``must-revalidate'' directive if and
only if failure to revalidate a request on the entity could
result in significantly incorrect operation, such as a silently
unexecuted financial transaction. Recipients MUST not take any
automated action that violates this directive, and MUST not
automatically provide an unvalidated copy of the entity if
revalidation fails.
Although this is not recommended, user agents operating under
severe connectivity constraints may violate this directive but
if so, MUST explicitly warn the user that an unvalidated
response has been provided. The warning MUST be provided on
each unvalidated access, and SHOULD require explicit user
confirmation.
-Jeff
Received on Thursday, 11 April 1996 23:21:57 UTC