- From: Luigi Rizzo <luigi@labinfo.iet.unipi.it>
- Date: Fri, 5 Jan 1996 15:13:36 +0100 (MET)
- To: http-caching@pa.dec.com
- Cc: luigi@labinfo.iet.unipi.it (Luigi Rizzo)
Maybe this has already been said, in which case I have lost it, but I think the discussion on side effects is only of interest from the point of view of the correctness of caching. When you establish a connection with a party, there is no way you cannot tell what the other party does with the data you supply. Actually, each request has many side effects, implemented by most clients, servers and caches, such as log the request, update counters, cache data, possibly charge you for the service, etc. Some of them have no effect on the document, some have. Thus: > Jeffrey Mogul writes: > ... > > > > My vote is for "no GET/HEAD side effects except for retrieval charges." > > > > -Jeff We should not even care about this. Well, maybe we should, it's a "cash" problem after all :) Somebody else (Shel ?) said: > > I generally agree with what you said, but let me point out two things: > > Thing 1. since forms can be submitted through the use of GET, it is > hard to legislate the no-side-effects rule. I believe it is for this > reason that as a heuristic, caches typically do not cache the output > of GETs on URLs with '?' in them. Note that with the scheme I The point is, if a server does not explicitly say that a document can be cached or not, we can only infer its properties from other information, and we can fail. If we specify (in the standard) that a given method should not have side effect, we are just specifying the default behaviour of our cache. The same reasoning applies to security issues: if we have sensitive data, we better not send them out in an insecure way, or be prepared to any misuse (it is of little interest if this is done the cache, or by the end user). As a matter of fact, the use of POST instead of GET for this purpose just gives a sense of false confidence. Luigi ==================================================================== Luigi Rizzo Dip. di Ingegneria dell'Informazione email: luigi@iet.unipi.it Universita' di Pisa tel: +39-50-568533 via Diotisalvi 2, 56126 PISA (Italy) fax: +39-50-568522 http://www.iet.unipi.it/~luigi/ ====================================================================
Received on Friday, 5 January 1996 14:41:52 UTC