Cookies and Caching Client Identification
HTTP The Definitive Guide
11.6.9 Cookies and Caching
You have to be careful when caching documents that are involved with cookie transactions. You don't
want to assign one user some past user's cookie or, worse, show one user the contents of someone
else's personalized document.
The rules for cookies and caching are not well established. Here are some guiding principles for
dealing with caches:
Mark documents uncacheable if they are

The document owner knows best if a document is uncacheable. Explicitly mark documents uncacheable if they are. Specifically, use Cache-Control: no-cache="Set-Cookie" if the document is cacheable except for the Set-Cookie header. The other, more general practice of using Cache-Control: public for documents that are cacheable promotes bandwidth savings in the Web.

Be cautious about caching Set-Cookie headers

If a response has a Set-Cookie header, you can cache the body (unless told otherwise), but you should be extra cautious about caching the Set-Cookie header. If you send the same Set-Cookie header to multiple users, you may be defeating user targeting.

Some caches delete the Set-Cookie header before storing a response in the cache, but that also can cause problems, because clients served from the cache will no longer get cookies slapped on them that they normally would without the cache. This situation can be improved by forcing the cache to revalidate every request with the origin server and merging any returned Set-Cookie headers with the client response. The origin server can dictate such revalidations by adding this header to the cached copy:

Cache-Control: must-revalidate, max-age=0

More conservative caches may refuse to cache any response that has a Set-Cookie header, even though the content may actually be cacheable. Some caches allow modes where Set-Cookied images are cached, but not text.

Be cautious about requests with Cookie headers

When a request arrives with a Cookie header, it provides a hint that the resulting content might be personalized. Personalized content must be flagged uncacheable, but some servers may erroneously not mark this content as uncacheable.

Conservative caches may choose not to cache any document that comes in response to a request with a Cookie header. And again, some caches allow modes where Cookied images are cached, but not text. The more accepted policy is to cache images with Cookie headers, with the expiration time set to zero, thus forcing a revalidate every time.
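As an added example (not from the book), here is a small Python model of a shared cache applying the three principles above: it parses Cache-Control, including the quoted no-cache="Set-Cookie" form, keeps the body but drops Set-Cookie from the stored copy while forcing revalidation on every hit, and for requests that carry a Cookie header stores only images with a zero expiration. The header dictionaries, the function names and the "images only" policy for Cookie-bearing requests are assumptions made for the example.

```python
import re

# Header the text suggests the origin (or cache) put on the stored copy.
REVALIDATE = "must-revalidate, max-age=0"


def parse_cache_control(value):
    """Parse Cache-Control into {directive: argument or None}.
    Handles quoted field-name lists such as no-cache="Set-Cookie"."""
    out = {}
    for m in re.finditer(r'([A-Za-z-]+)(?:="([^"]*)"|=([^,\s]+))?', value):
        out[m.group(1).lower()] = m.group(2) if m.group(2) is not None else m.group(3)
    return out


def cache_decision(request_headers, response_headers):
    """Decide whether a shared cache may store a response and which headers
    the stored copy keeps. Header names are matched case-insensitively.
    Returns (store, headers_for_cached_copy)."""
    req = {k.lower(): v for k, v in request_headers.items()}
    resp = {k.lower(): v for k, v in response_headers.items()}
    cc = parse_cache_control(resp.get("cache-control", ""))
    # Principle 1: the owner marked it uncacheable; believe the owner.
    if "no-store" in cc or ("no-cache" in cc and cc["no-cache"] is None):
        return False, {}
    # no-cache="Set-Cookie": body is cacheable, the named headers are not.
    if cc.get("no-cache"):
        for field in cc["no-cache"].split(","):
            resp.pop(field.strip().lower(), None)
    # Principle 2: never replay one user's Set-Cookie to another user.
    # Keep the body, drop the header, and make the cache revalidate every
    # hit so the origin can merge fresh Set-Cookie headers into the reply.
    if "set-cookie" in resp:
        del resp["set-cookie"]
        resp["cache-control"] = REVALIDATE
    # Principle 3: a Cookie on the request hints at personalized content.
    # Unless the origin explicitly said the body is cacheable (public, or
    # no-cache="Set-Cookie"), store only images, and only with a zero
    # expiration so every hit is revalidated (assumed policy).
    owner_says_cacheable = "public" in cc or bool(cc.get("no-cache"))
    if "cookie" in req and not owner_says_cacheable:
        if not resp.get("content-type", "").startswith("image/"):
            return False, {}
        resp["cache-control"] = REVALIDATE
    return True, resp
```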

