Re: does no-store request invalidate?

On Tue, 2005-07-26 at 20:52 +0200, Robert Olofsson wrote:
> Alex Rousskov wrote:
> 
> >  5. Client requests the same entity A again, without using no-store.
> >  6. Cache serves the "old" entity A cached in step #2 above.
> >
> >Does the cache violate the intent of RFC 2616 in step #6? If yes, should
> >that intent be made explicit (I cannot find any explicit rules
> >prohibiting the above behavior)?  
>
> I would say that it violates the RFC:
> "If sent in a request, a cache MUST NOT store any part of either this
>  request or any response to it"

The "any response TO IT" clause does not include responses to previous
or future requests. It seems to apply to a response received during the
no-store transaction in question.

> Every request passing through a proxy has a few different possible
> responses:
> 1) No response at all (proxy crashes), hopefully this does not happen.
> 2) Use a cached response.
> 3) Get response from real server/chained proxy.
> 
> Depending on Cache-Control headers responses from 2 might
> be filtered (returning 304) and/or not used (when no-cache).
>
> My interpretation of a no-store header is that I have to remove
> alternative 2. Remove meaning delete the response from the
> cache in this case.

I agree that alternative 2 (use cached response) is not allowed.
Unfortunately, I cannot see any requirement that implies that not using
a cached response means deleting that response from the cache.

> Of course my interpretation of "any" might be wrong.
> Especially if one considers the case of a server generated no-store:
> "If sent in a response, a cache MUST NOT store any part of either this
>  response or the request that elicited it."
> 
> Which seems to say that it is ok for a cache to keep any old response...

Yes, this is a similar case, but here we can at least argue that the two
responses are different (one has no-store and the other one does not)
and so the old one has to be deleted to match the server info (even
though there seems to be no explicit requirement about that). In my
original case, the server responses may be identical (but do not have to
be).

Regards,

Alex.

Received on Tuesday, 26 July 2005 20:17:30 UTC
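
Added example, not part of the original message or of any real proxy's code: a toy cache that runs the scenario under both readings discussed above (bypass-only versus bypass-and-delete). The class names, the /A URL and the earlier steps (an ordinary cacheable fetch of A followed by a no-store request for A) are assumptions, since only steps 5 and 6 are quoted in this message.

```python
# Toy model (constructed for illustration) of a cache receiving a request
# that carries "Cache-Control: no-store" for an entity it already holds.

class Origin:
    """Hypothetical origin server: every fetch returns a new body version."""
    def __init__(self):
        self.version = 0

    def fetch(self, url):
        self.version += 1
        return f"{url} v{self.version}"


class ToyCache:
    def __init__(self, origin, invalidate_on_request_no_store):
        self.origin = origin
        self.invalidate = invalidate_on_request_no_store
        self.store = {}  # url -> stored response body

    def get(self, url, request_cache_control=""):
        directives = {d.strip().lower()
                      for d in request_cache_control.split(",") if d.strip()}
        if "no-store" in directives:
            # Both readings in the thread agree on this part: the cached
            # copy is not used and the new response is not stored.
            if self.invalidate:
                # Stricter reading: also delete the older stored copy.
                self.store.pop(url, None)
            return self.origin.fetch(url), "MISS (not stored)"
        if url in self.store:
            return self.store[url], "HIT"
        body = self.origin.fetch(url)
        self.store[url] = body
        return body, "MISS (stored)"


def run_scenario(invalidate):
    """Cacheable fetch, then a no-store request, then a plain request."""
    cache = ToyCache(Origin(), invalidate)
    return [cache.get("/A"),
            cache.get("/A", "no-store"),
            cache.get("/A")]


if __name__ == "__main__":
    for policy in (False, True):
        print("invalidate =", policy, run_scenario(policy))
```

With invalidate=False the final request is a HIT on the copy stored before the no-store request, which is the step #6 behaviour being questioned; with invalidate=True it goes back to the origin.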