Cache in CDN but not in browser

Question

I currently use Akamai as a CDN, but I noticed that the browser is also caching content. It's great that the browser caches images/css/js, but I would like to know if there is a way to not cache on the browser, but to cache in Akamai.

Now, right now from my origin I send headers like this:

Cache-Control: public, must-revalidate, max-age=300
Expires: Sun, 19 Feb 2012 19:04:30 GMT
Date: Sun, 19 Feb 2012 18:59:30 GMT

Akamai honors these headers, but also passes them right back to the user. This makes it so the browser actually caches the content also.

This works great most of the time, but we also have some CDN logic that if a user has a logged in cookie, to bypass the CDN cache and go right to origin.

So, if let's say an un-authed user is on a clicks "login", they are then sent through the login process and brought back to the same page. Even though the CDN would request from origin for this page, the browser actually requests the same page again and it looks as if the login hasn't worked.

Now, I can force that a login process adds a query param like ?l=1 or something, but there has to be a better way.

I'm tempted to see if Akamai can overwrite the the Cache-Control header to a hard coded no-cache value, but I'm wondering if there is a way to do this in origin?

Thanks!

Answer 1

Akamai has a header called "Edge-control" of the same format as Cache-Control. You can specify the Edge-control with a positive max-age and then set Cache-Control to "no-cache, no-store". This should get what you want.

When sending the Edge-control header for a page I want cached, I always precede the value with "!no-store" to make sure Akamai caches it. So the format would be "!no-store,max-age=1234" for instance.

Answer 2

Akamai does provide a means to set different caching behaviour within the Akamai servers vs the usual Cache-Control: and Expires: headers. There are custom headers you can pass from your origin servers that the Akamai edge servers understand, obey and strip when they pass the content on to the browser. This information is available within the Akamai portal documentation.

In your case you want the behaviour to change depending on whether a user is logged in or not. You can ask that that the object bypasses the cache when the object is being delivered to the browser for logged in users or you could use cookie values to modify the cache key (how the object is referenced by the Akamai server), but you may need to speak with Akamai for help here.

You will need to be very careful here to ensure that something personalised cannot be viewed by other users of the Akamai cache. If in doubt, err on the side of caution and don't allow Akamai to cache the object.