Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Avoid caching of the http responses

What is the definitive solution for avoid any kind of caching of http data? We can modify the client as well as the server - so I think we can split the task between client and the server.

Client can append to each request a random parameter http://URL/path?rand=6372637263 – My feeling is that using only this way it is not working 100% - might be there are some intelligent proxies, which can detect that… On the other side I think that if the URL is different from the previous one, the proxy cannot simply decide to send back some cached response.

On server can control a bunch of HTTP headers:

Expires: Tue, 03 Jul 2001 06:00:00 GMT Last-Modified: {now} GMT Cache-Control: no-store, no-cache, must-revalidate, max-age=0 Cache-Control: post-check=0, pre-check=0 Pragma: no-cache 

Any comments to this, what is the best approach?

like image 500
STeN Avatar asked Mar 27 '12 06:03

STeN


People also ask

What is HTTP response cache?

android.net.http.HttpResponseCache. Caches HTTP and HTTPS responses to the filesystem so they may be reused, saving time and bandwidth. This class supports HttpURLConnection and HttpsURLConnection ; there is no platform-provided cache for DefaultHttpClient or AndroidHttpClient .

Does HTTP use caching?

HTTP is designed to cache as much as possible, so even if no Cache-Control is given, responses will get stored and reused if certain conditions are met. This is called heuristic caching. For example, take the following response. This response was last updated 1 year ago.

Which HTTP caching header is used to avoid making requests to the origin server?

Expiration is the caching mechanism by which a client can entirely avoid making requests to the origin server. When the origin server specifies an explicit expiration time in the resource, a cache can check that expiration time and respond accordingly without having to contact the server first.


1 Answers

Server-side cache control headers should look like:

Expires: Tue, 03 Jul 2001 06:00:00 GMT Last-Modified: {now} GMT Cache-Control: max-age=0, no-cache, must-revalidate, proxy-revalidate 

Avoid rewriting URLs on the client because it pollutes caches, and causes other weird semantic issues. Furthermore:

  • Use one Cache-Control header (see rfc 2616) because behaviour with multiple entries is undefined. Also the MSIE specific entries in the second cache-control are at best redundant.

  • no-store is about data security. (it only means don't write this to disk - caches are still allowed to store the response in memory).

  • Pragma: no-cache is meaningless in a server response - it's a request header meaning that any caches receiving the request must forward it to the origin.

  • Using both Expires (http/1.0) and cache-control (http/1.1) is not redundant since proxies exist that only speak http/1.0, or will downgrade the protocol.

  • Technically, the last modified header is redundant in light of no-cache, but it's a good idea to leave it in there.

  • Some browsers will ignore subsequent directives in a cache-control header after they come across one they don't recognise - so put the important stuff first.

like image 93
symcbean Avatar answered Oct 04 '22 17:10

symcbean