Can you please describe an example indicating difference between Public and Private Cache-Control in asp.net applications hosted in IIS.
I read in MSDN that the difference is the following:
Public: Sets Cache-Control: public to specify that the response is cacheable by clients and shared (proxy) caches.
Private: Default value. Sets Cache-Control: private to specify that the response is cacheable only on the client and not by shared (proxy server) caches.
I am not sure I have completely understood the pros and cons from each choice. An example for when to or not to use it would be great.
For example what should I do if i have two web servers hosting the same application? Is there anything to watch out if I choose Private or Public?
Public cache is cache that can be accessed by everyone. A single copy of a publicly-cached page is stored and served to everyone who requests it. Private cache is only accessible to an individual visitor.
Cache-Control: PrivateThe private response directive indicates that a resource is user specific—it can still be cached, but only on a client device. For example, a web page response marked as private can be cached by a desktop browser, but not a content delivery network (CDN).
It is meant for the end user, and no one else. FYI, the RFC makes clear that this does not provide security. It is about showing the correct content, not securing content. This usage of the word private only controls where the response may be cached, and cannot ensure the privacy of the message content.
The max-age directive on a response implies that the response is cacheable (i.e., "public") unless some other, more restrictive cache directive is also present.
The only difference is that with Private you are not allowing proxies to cache the data that travels through them. In the end, it all boils down to the data contained in the pages/files you are sending.
For example, your ISP could have an invisible proxy between you and the Internet, that is caching web pages to reduce the amount of bandwidth needed and lower costs. By using cache-control:private, you are specifying that it shouldn't cache the page (but allowing the final user to do so). If you use cache-control: public, you are saying that it's okay for everyone to cache the page, and so the proxy would keep a copy.
As a rule of thumb, if it's something everybody can access (for example, the logo in this page) cache-control: public might be better, because the more people that cache it, the less bandwidth you'll need. If it's something that is related to the connected user (for example, the HTML in this page includes my username, so it won't be useful to anyone else) cache-control: private will be better, as the proxies would be caching data that won't be requested by other users, and they might also be keeping data that you don't want to be kept in servers that you don't trust.
And, of course, everything that is not public should have a private cache. Otherwise the data might be stored in a middle proxy server, were it could be accessed by anyone with access to it.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With