W3C home > Mailing lists > Public > ietf-http-wg-old@w3.org > September to December 1998

Re: Cache-control and Authentication

From: Scott Lawrence <lawrence@agranat.com>
Date: Tue, 01 Sep 1998 15:11:42 +0000
Message-Id: <35EC0EAE.87A564EC@agranat.com>
To: "Nottingham, Mark (Australia)" <mark_nottingham@exchange.au.ml.com>
Cc: http-wg@hplb.hpl.hp.com
Nottingham, Mark (Australia) wrote:

> Let's say a server has content that clients access through a 1.1-capable
> cache (this is internal, so it can be controlled). There is a section of
> the content that requires basic authentication, but the content does not
> change based upon that authentication; any user-specific changes
> controlled by the path, query and parameters.
> 
> What is the correct way to allow caches to keep, and satisfy requests
> from, a local copy, while still forcing the request to be revalidated

I believe that the correct way to do this is:

Cache-Control: must-revalidate

In addition to being controlled, I would also make it checked - look for a
1.0 revision in the Via header (so that you know whether or not you've got a
1.1 client or downstream proxy), and add 'Pragma: no-cache' header to
prevent 1.0 caches from holding it just in case.

-- 
Scott Lawrence           Consulting Engineer      <lawrence@agranat.com>
Agranat Systems, Inc.  Embedded Web Technology   http://www.agranat.com/
Received on Tuesday, 1 September 1998 08:19:23 EDT

This archive was generated by hypermail pre-2.1.9 : Wednesday, 24 September 2003 06:33:23 EDT