
HTTP The Definitive Guide

11.6.9 Cookies and Caching
You have to be careful when caching documents that are involved in cookie transactions. You don't
want to hand one user some past user's cookie or, worse, show one user the contents of someone
else's personalized document.
The rules for cookies and caching are not well established. Here are some guiding principles for
dealing with caches:

Mark documents uncacheable if they are

The document owner knows best whether a document is uncacheable. Explicitly mark documents
uncacheable if they are. In particular, use Cache-Control: no-cache="Set-Cookie" if the
document is cacheable except for its Set-Cookie header. The complementary practice of
marking documents that are cacheable with Cache-Control: public promotes bandwidth savings in
the Web.

Be cautious about caching Set-Cookie headers

If a response has a Set-Cookie header, you can cache the body (unless told otherwise), but
you should be extra cautious about caching the Set-Cookie header. If you send the same Set-
Cookie header to multiple users, you may be defeating user targeting; if that cookie carries a
session identifier, you are handing one user another user's session.
Some caches delete the Set-Cookie header before storing a response, but that also
can cause problems, because clients served from the cache no longer receive the cookies
they would normally be given without the cache. This situation can be improved by
forcing the cache to revalidate every request with the origin server and merging any returned
Set-Cookie headers into the client response. The origin server can dictate such revalidations
by adding this header to the cached copy:
Cache-Control: must-revalidate, max-age=0
More conservative caches may refuse to cache any response that has a Set-Cookie header,
even though the content may actually be cacheable. Some caches have modes in which images
carrying Set-Cookie are cached but text is not.

Be cautious about requests with Cookie headers

When a request arrives with a Cookie header, it provides a hint that the resulting content
might be personalized. Personalized content must be flagged uncacheable, but some servers
may erroneously fail to mark it so.
Conservative caches may choose not to cache any document that comes in response to a
request with a Cookie header. Again, some caches have modes in which images requested
with Cookie headers are cached but text is not. The more accepted policy is to cache images
requested with Cookie headers with the expiration time set to zero, forcing a revalidation
every time.
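
As an added example (not code from the book), the following Python sketch shows how a shared cache could apply the three principles above to a single request/response pair: honouring no-cache="Set-Cookie", stripping Set-Cookie and forcing revalidation instead of replaying one user's cookie to another, and treating a Cookie-bearing request as a hint of personalized content. The header dictionaries, the CacheDecision result type and the policy knob ("lenient", "images", "strict") are assumptions of the illustration; the directives it reacts to (no-store, no-cache with and without a field-name argument, must-revalidate with max-age=0, public/max-age/s-maxage as explicit freshness) are the standard Cache-Control ones.

```python
"""Cache admission logic for cookie-bearing HTTP exchanges.
Added example; header dicts, CacheDecision and the policy names are assumptions."""
from dataclasses import dataclass, field
from typing import Dict, List, Optional


@dataclass
class CacheDecision:
    store: bool                                            # keep the response at all?
    headers: Dict[str, str] = field(default_factory=dict)  # headers of the cached copy
    revalidate_always: bool = False                        # zero lifetime: validate every hit
    reason: str = ""


def _get(headers: Dict[str, str], name: str) -> Optional[str]:
    """Case-insensitive lookup; HTTP field names are case-insensitive."""
    for k, v in headers.items():
        if k.lower() == name.lower():
            return v
    return None


def split_directives(value: str) -> List[str]:
    """Split on commas outside quoted-strings, so no-cache="Set-Cookie, Vary" stays whole."""
    parts, buf, quoted = [], [], False
    for ch in value:
        if ch == '"':
            quoted = not quoted
        if ch == "," and not quoted:
            parts.append("".join(buf))
            buf = []
        else:
            buf.append(ch)
    parts.append("".join(buf))
    return [p.strip() for p in parts if p.strip()]


def parse_cache_control(value: str) -> Dict[str, Optional[str]]:
    """Directive name -> argument (None when absent), surrounding quotes removed:
    'public, max-age=60, no-cache="Set-Cookie"' ->
    {'public': None, 'max-age': '60', 'no-cache': 'Set-Cookie'}"""
    out: Dict[str, Optional[str]] = {}
    for part in split_directives(value):
        name, _, arg = part.partition("=")
        arg = arg.strip()
        if len(arg) >= 2 and arg[0] == arg[-1] == '"':
            arg = arg[1:-1]
        out[name.strip().lower()] = arg or None
    return out


def decide(request: Dict[str, str], response: Dict[str, str],
           policy: str = "lenient") -> CacheDecision:
    """policy (assumed knob): 'lenient' strips Set-Cookie and forces revalidation,
    'images' does so for image/* only, 'strict' refuses anything cookie-related."""
    cc = parse_cache_control(_get(response, "Cache-Control") or "")
    if "no-store" in cc or "private" in cc:
        return CacheDecision(False, reason="no-store/private")

    revalidate = False
    excluded = set()                      # header names the origin declared uncacheable
    if "no-cache" in cc:
        if cc["no-cache"] is None:
            revalidate = True             # bare no-cache: store, never serve unvalidated
        else:                             # no-cache="Set-Cookie": drop only those headers
            excluded = {h.strip().lower() for h in cc["no-cache"].split(",") if h.strip()}
    if "must-revalidate" in cc and cc.get("max-age") == "0":
        revalidate = True                 # the origin's "revalidate every request" recipe

    explicit_fresh = any(d in cc for d in ("public", "max-age", "s-maxage")) \
        or _get(response, "Expires") is not None
    is_image = (_get(response, "Content-Type") or "").lower().startswith("image/")

    # A Cookie on the request hints at personalized content the origin may have
    # forgotten to mark; without explicit freshness only images are kept, at zero lifetime.
    if _get(request, "Cookie") is not None and not explicit_fresh:
        if policy == "strict" or not is_image:
            return CacheDecision(False, reason="Cookie request without explicit freshness")
        revalidate = True

    stored = {k: v for k, v in response.items() if k.lower() not in excluded}
    if _get(stored, "Set-Cookie") is not None:
        # Replaying one user's Set-Cookie to others would hand out someone else's session.
        if policy == "strict" or (policy == "images" and not is_image):
            return CacheDecision(False, reason="Set-Cookie present; policy refuses")
        stored = {k: v for k, v in stored.items() if k.lower() != "set-cookie"}
        revalidate = True                 # let the origin re-attach cookies on each hit
    return CacheDecision(True, stored, revalidate, "stored")
```

With the origin's own no-cache="Set-Cookie" on the response, the body is stored and served without extra round trips; the cache only has to guess (and fall back to zero-lifetime storage or refusal) when the origin says nothing.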
