W3C home > Mailing lists > Public > ietf-http-wg@w3.org > April to June 2009

Re: httpbis-p6-cache-06 and no-store response directive

From: Jamie Lokier <jamie@shareable.org>
Date: Thu, 25 Jun 2009 01:17:29 +0100
To: Henrik Nordstrom <henrik@henriknordstrom.net>
Cc: Bil Corry <bil@corry.biz>, "ietf-http-wg@w3.org" <ietf-http-wg@w3.org>
Message-ID: <20090625001729.GG14121@shareable.org>
Henrik Nordstrom wrote:
> ons 2009-06-24 klockan 16:32 -0500 skrev Bil Corry:
> 
> > Is there a resource that gives the "official" way to prevent caching across all browsers and proxies?
> 
> RFC2616?

No, because it does not cover all browsers and proxies.
Only those conforming to RFC2616.

It probably doesn't even cover most proxies.  When did Squid get
HTTP/1.1 support?

> RFC2616 rules is simple:
> 
> Not cached:
> 
> Expires: Date header or older
> Cache-Control: no-cache
> 
> and avoid any cache validator (Last-Modified/ETag)
> 
> Not cached by proxies but cached in browsers:
> 
> Expires: Date header or older
> Cache-Control: private, max-age=NN

If the Expires is older than Date, I see why the proxy can't cache,
but why do think it permits caching in browsers?

> The Expires requirement is due to HTTP/1.0 legacy.
> 
> In practice using very old date for Expires is probably better as some
> cache implementations take the Expires date literally not compensating
> for clock skew when origin server clock is ahead of the cache clock...
> (implementation bugs..)

Is the common advice to include "Pragma: no-cache" unnecessary?

There's also the Microsoft ones, post-check and pre-check:

The post-check and pre-check cache-control extensions are defined as follows:

    * post-check

        o Defines an interval in seconds after which an entity must be
          checked for freshness. The check may happen after the user
          is shown the resource but ensures that on the next roundtrip
          the cached copy will be up-to-date.

    * pre-check

          o Defines an interval in seconds after which an entity must
          be checked for freshness prior to showing the user the
          resource.

I'm not quite sure how these differ from max-age, but they presumably do.

Some advice on disabling caching includes these.
The whole set I'm aware of is:

    Pragma: no-cache
    Cache-Control: no-cache,max-age=0,must-revalidate,pre-check=0,post-check=0
    Expires: A-VERY-OLD-DATE

But then you have to jump through hoops to make sure some versions of
IE will not fetch <img> files in a single page multiple times, once
per instance.

-- Jamie
Received on Thursday, 25 June 2009 00:18:05 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 27 April 2012 06:51:04 GMT