W3C home > Mailing lists > Public > ietf-http-wg@w3.org > April to June 2009

Re: httpbis-p6-cache-06 and no-store response directive

From: Jamie Lokier <jamie@shareable.org>
Date: Sun, 28 Jun 2009 23:56:30 +0100
To: Mark Nottingham <mnot@mnot.net>
Cc: Bil Corry <bil@corry.biz>, Henrik Nordstrom <henrik@henriknordstrom.net>, yngve@opera.com, "ietf-http-wg@w3.org" <ietf-http-wg@w3.org>
Message-ID: <20090628225630.GF29896@shareable.org>
On 25/06/2009, at 10:46 AM, Jamie Lokier wrote:

>This is what I've found, for the paranoid:
>
>   Pragma: no-cache
>   Cache-Control: no-cache,max-age=0,must-revalidate,pre- 
>check=0,post-check=0
>   Expires: VERY-OLD-DATE
>
>The apparently redundant fields are in case of implementations which
>don't understand, or don't correctly implement, the other fields.
>
>There's probably a browser out there which doesn't understand
>"Cache-Control: no-cache,..." when there's anything else on the same
>line.  IE had a reputation for being a bit rigid in how it recognises
>some headers.  But I'm pretty sure anything like that will recognise
>"Pragma: no-cache" so it doesn't matter.

We can also add:

If client may be Opera (who knows about others), going from other
messages in this thread:

   - Use HTTPS if you do want caching but you want must-revalidate to
     be honoured in history browsing.  A complicated quirk, yet
     important to anything with sessions revealing personal data.

   - Cache-Control: no-cache doesn't prevent caching.  You may still
     see If-Modified requests, validating a response which was sent
     with no-cache.

-- Jamie
Received on Sunday, 28 June 2009 22:57:08 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 27 April 2012 06:51:04 GMT