- From: Roy T. Fielding <fielding@avron.ICS.UCI.EDU>
- Date: Fri, 12 Apr 1996 03:47:53 -0700
- To: Jeffrey Mogul <mogul@pa.dec.com>
- Cc: http-caching@pa.dec.com
>> The difference between "max-age=0" and "must-revalidate" for caches
>> that play by the transparency rules is that, if revalidation fails
>> because of network failure:
>>
>> - with "max-age=0", you return a stale 200 (OK) response with a
>> warning header attached
>>
>> - with "must-revalidate", you return a 5xx error response
>>
>> So must-revalidate is more than just "really really max-age=0".
>>
>> Speaking in road-sign metaphors, "max-age=0" means "speed limit 50
>> Km/h", while "must-revalidate" means "WARNING: sharp turn: safe
>> maximal speed 50 Km/h". If you ignore the first, you only sin against
>> community standards. If you ignore the second, you end up upside down
>> besides the road.
>
> That is a better description and justification -- it should be included
> in the specification. I can live with must-revalidate if it implies
> derailment.
>
> Here is the language that I have now: ...
Nope, not strong enough. I meant it when I said derailment -- it can only
be considered different from max-age=0 if it MUST cause total failure
on the user agent if disobeyed. There should not be any exceptions, even
for PDAs. It must not be used unless total failure is preferable to
a warning.
[also, it does not apply to all uses of cookies -- only the particular
usage that Koen described.]
.....Roy
Received on Friday, 12 April 1996 11:33:58 UTC