W3C home > Mailing lists > Public > ietf-http-wg-old@w3.org > January to April 1997

Issues-list item "CACHING-CGI"

From: Jeffrey Mogul <mogul@pa.dec.com>
Date: Tue, 15 Apr 97 17:12:15 MDT
Message-Id: <9704160012.AA15744@acetes.pa.dec.com>
To: http-wg@cuckoo.hpl.hp.com
X-Mailing-List: <http-wg@cuckoo.hpl.hp.com> archive/latest/3060
According to my notes from the Memphis meeting, I agreed to draft
a clarification for the spec, in response to this item.  The
reference from the Issues List is to a message I wrote in December:


The question here is "when should a cache store and reuse a response
from a CGI script?".

I'm not sure that the HTTP/1.1 specification needs to say much more
about this ... but since it apparently was not sufficiently clear
to at least some readers, I'll propose an editorial change.

Currently, in section 13.9 (Side Effects of GET and HEAD) reads,
in its entirety:

   Unless the origin server explicitly prohibits the caching of their
   responses, the application of GET and HEAD methods to any resources
   SHOULD NOT have side effects that would lead to erroneous behavior if
   these responses are taken from a cache. They may still have side
   effects, but a cache is not required to consider such side effects in
   its caching decisions. Caches are always expected to observe an
   origin server's explicit restrictions on caching.

   We note one exception to this rule: since some applications have
   traditionally used GETs and HEADs with query URLs (those containing a
   "?" in the rel_path part) to perform operations with significant side
   effects, caches MUST NOT treat responses to such URLs as fresh unless
   the server provides an explicit expiration time. This specifically
   means that responses from HTTP/1.0 servers for such URIs should not
   be taken from a cache. See section 9.1.1 for related information.

[9.1.1 defines "safe methods".]

I propose adding this to the end of section 13.9:

	Note that some HTTP/1.0 cache operators have found that it is
	dangerous to cache responses to requests for URLs including the
	string "cgi-bin".  HTTP/1.1 caches should follow this practice
	for responses that do not include an explicit expiration time.
	HTTP/1.1 origin servers that want to allow caching of responses
	for URLs including "?" or "cgi-bin" SHOULD include an explicit
	expiration time.  Explicit expiration times may be specified
	using Expires, or the max-age directive of Cache-Control, or


P.S.: I base the first sentence in the note on the sample configuration
file distributed with a recent version of the Squid cache software.
If this is actually contrary to normal practice, someone should say so.
Received on Tuesday, 15 April 1997 17:23:44 UTC

This archive was generated by hypermail 2.3.1 : Wednesday, 7 January 2015 14:40:19 UTC