 

Cache-Control: 'private' makes 'no-cache="set-cookie"' unnecessary?

My reading of the definition of the 'private' directive for the Cache-Control header is that it will prevent any part of the response from being cached by intermediate proxies. So based on that, it sounds like if I'm using the 'private' directive then there's no need to also use a 'no-cache="set-cookie"' directive to tell intermediate proxies to suppress caching of the Set-Cookie header.

However, in section 4.2.3 in this document, it says:

The origin server should send the following additional HTTP/1.1 response headers, depending on circumstances:

  • To suppress caching of the Set-Cookie header: Cache-control: no-cache="set-cookie".

    and one of the following:

  • To suppress caching of a private document in shared caches: Cache-control: private.

    [...]

and I see a ton of examples online that have both directives.

So do I really need both of those to prevent intermediate proxies from caching a Set-Cookie header? I've been doing some testing, and it seems like Internet Explorer is responding to the 'no-cache="set-cookie"' directive by issuing a full request every subsequent time, so I'd rather not include it if it's not necessary.

Philip Wilcox asked Oct 10 '12 21:10


People also ask

What does Cache-Control private mean?

Cache-Control: Private. The private response directive indicates that a resource is user specific: it can still be cached, but only on a client device. For example, a web page response marked as private can be cached by a desktop browser, but not a content delivery network (CDN).

Is Cache-Control private safe?

It is meant for the end user, and no one else. FYI, the RFC makes clear that this does not provide security. It is about showing the correct content, not securing content. This usage of the word private only controls where the response may be cached, and cannot ensure the privacy of the message content.

What is no cache set Cookie?

The no-cache="Set-Cookie" tells the browser not to cache the server "Set-Cookie" header, but follow different rules for the rest of the request.

How do I use Cache-Control without cache?

To use cache-control in HTML, you use the meta tag, e.g. The value in the content field is defined as one of the four values below. HTTP 1.1. Allowed values = PUBLIC | PRIVATE | NO-CACHE | NO-STORE.




1 Answer

Cache-Control: Private will stop intermediary caches from storing the content, so the set-cookie directive isn't applicable in this case.

Andy Davies answered Oct 30 '22 17:10
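The following is an added example, not part of the original question or answer: it models how a shared cache that follows the HTTP caching specification (RFC 7234) would treat the two directives discussed above, so the overlap between `private` and `no-cache="set-cookie"` can be checked per header value. The function names and the sample header values are hypothetical.

```python
import re

# One directive: name, optionally =token or ="quoted, comma-separated field list".
_DIRECTIVE = re.compile(r'([\w-]+)(?:=(?:"([^"]*)"|([^,\s]+)))?')

def parse_cache_control(value):
    """Return {directive: argument or None}; directive names are lowercased."""
    parsed = {}
    for m in _DIRECTIVE.finditer(value):
        quoted, token = m.group(2), m.group(3)
        parsed[m.group(1).lower()] = quoted if quoted is not None else token
    return parsed

def _fields(arg):
    """Split a qualified directive's argument into lowercased header names."""
    return {f.strip().lower() for f in (arg or "").split(",") if f.strip()}

def shared_cache_decision(value):
    """What a shared cache (proxy, CDN) may do with a response carrying this header."""
    d = parse_cache_control(value)
    out = {"may_store": True, "fields_not_stored": set(),
           "revalidate_all": False, "fields_needing_revalidation": set()}
    if "no-store" in d or ("private" in d and d["private"] is None):
        out["may_store"] = False          # unqualified private: nothing is stored
    elif "private" in d:
        out["fields_not_stored"] = _fields(d["private"])
    if "no-cache" in d:
        if d["no-cache"] is None:
            out["revalidate_all"] = True  # whole response needs validation first
        else:
            out["fields_needing_revalidation"] = _fields(d["no-cache"])
    return out

def set_cookie_replayable(value):
    """True if a shared cache could resend a stored Set-Cookie without asking the origin."""
    o = shared_cache_decision(value)
    if not o["may_store"] or o["revalidate_all"]:
        return False
    return "set-cookie" not in o["fields_not_stored"] | o["fields_needing_revalidation"]

if __name__ == "__main__":
    # Constructed sample header values, not taken from a real server.
    for header in ("max-age=60", "private", 'no-cache="set-cookie"',
                   'private, no-cache="Set-Cookie"', 'public, no-cache="set-cookie", max-age=60'):
        print(f"{header!r:45} replayable={set_cookie_replayable(header)}")
```

This only models caches that honour the directives; it says nothing about what a non-conforming intermediary or a particular browser does with them.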