- From: Jeffrey Mogul <mogul@pa.dec.com>
- Date: Thu, 11 Apr 96 15:46:33 MDT
- To: "Roy T. Fielding" <fielding@avron.ICS.UCI.EDU>
- Cc: http-caching@pa.dec.com
> The difference between "max-age=0" and "must-revalidate" for caches > that play by the transparency rules is that, if revalidation fails > because of network failure: > > - with "max-age=0", you return a stale 200 (OK) response with a > warning header attached > > - with "must-revalidate", you return a 5xx error response > > So must-revalidate is more than just "really really max-age=0". > > Speaking in road-sign metaphors, "max-age=0" means "speed limit 50 > Km/h", while "must-revalidate" means "WARNING: sharp turn: safe > maximal speed 50 Km/h". If you ignore the first, you only sin against > community standards. If you ignore the second, you end up upside down > besides the road. That is a better description and justification -- it should be included in the specification. I can live with must-revalidate if it implies derailment. Here is the language that I have now: If a cache returns a stale response, either because of a max-stale directive on a request, or because the cache is configured to override the expiration time of a response, the cache MUST attach a Warning header to the stale response, using Warning 10 (Response is stale). and Because a cache may be configured to ignore a server's specified expiration time, and because a client request may include a max-stale directive, which has a similar effect, the protocol also includes a mechanism for the origin server to require revalidation of a cache entry on any subsequent use. When the ``must-revalidate'' directive is present in a response received by a cache, that cache MUST NOT use the value to respond to a subsequent request without first revalidating it with the origin server. (I.e., the cache must do an end-to-end revalidation every time.) The ``must-revalidate'' directive is necessary to support reliable operation for cookies and certain other protocol features. In all circumstances an HTTP/1.1 cache MUST obey the ``must-revalidate'' directive; in particular, if the cache cannot reach the origin server for any reason, it MUST generate a 504 (Gateway Timeout) response. Note that HTTP/1.0 caches will ignore this directive. The ``must-revalidate'' directive is semantically equivalent to the ``max-age=0'' directive, except that it overrides all other expiration mechanisms and configuration parameters. Servers should send the ``must-revalidate'' directive if and only if failure to revalidate a request on the entity could result in significantly incorrect operation, such as a silently unexecuted financial transaction. Recipients MUST not take any automated action that violates this directive, and MUST not automatically provide an unvalidated copy of the entity if revalidation fails. Although this is not recommended, user agents operating under severe connectivity constraints may violate this directive but if so, MUST explicitly warn the user that an unvalidated response has been provided. The warning MUST be provided on each unvalidated access, and SHOULD require explicit user confirmation. -Jeff
Received on Thursday, 11 April 1996 23:21:57 UTC