w

HTTP The Definitive Guide

11.6.9 Cookies and Caching
You have to be careful when caching documents that are involved with cookie transactions. You don't
want to assign one user some past user's cookie or, worse, show one user the contents of someone
else's personalized document.
The rules for cookies and caching are not well established. Here are some guiding principles for
dealing with caches:
Mark documents uncacheable if they are

The document owner knows best if a document is uncacheable. Explicitly mark documents
uncacheable if they are—specifically, use Cache-Control: no-cache="Set-Cookie" if the
document is cacheable except for the Set-Cookie header. The other, more general practice of
using Cache-Control: public for documents that are cacheable promotes bandwidth savings in
the Web. Be cautious about caching Set-Cookie headers
If a response has a Set-Cookie header, you can cache the body (unless told otherwise), but
you should be extra cautious about caching the Set-Cookie header. If you send the same Set-
Cookie header to multiple users, you may be defeating user targeting.
Some caches delete the Set-Cookie header before storing a response in the cache, but that also
can cause problems, because clients served from the cache will no longer get cookies slapped
on them that they normally would without the cache. This situation can be improved by
forcing the cache to revalidate every request with the origin server and merging any returned
Set-Cookie headers with the client response. The origin server can dictate such revalidations
by adding this header to the cached copy:
Cache-Control: must-revalidate, max-age=0
More conservative caches may refuse to cache any response that has a Set-Cookie header,
even though the content may actually be cacheable. Some caches allow modes when Set-
Cookied images are cached, but not text.
Be cautious about requests with Cookie headers
When a request arrives with a Cookie header, it provides a hint that the resulting content
might be personalized. Personalized content must be flagged uncacheable, but some servers
may erroneously not mark this content as uncacheable.
Conservative caches may choose not to cache any document that comes in response to a
request with a Cookie header. And again, some caches allow modes when Cookied images
are cached, but not text. The more accepted policy is to cache images with Cookie headers,
with the expiration time set to zero, thus forcing a revalidate every time.

Cookies and Caching Client Identification的更多相关文章

  1. Cookies and Session Tracking Client Identification cookie与会话跟踪 客户端识别

    w HTTP The Definitive Guide Cookies can be used to track users as they make multiple transactions to ...

  2. Technical analysis of client identification mechanisms

    http://www.chromium.org/Home/chromium-security/client-identification-mechanisms Chromium‎ > ‎Chro ...

  3. Cookies Client Identification

    HTTP The Definitive Guide Cookies are the best current way to identify users and allow persistent se ...

  4. Cookies, Security, and Privacy Client Identification

    w HTTP The Definitive Guide Cookies themselves are not believed to be a tremendous security risk, be ...

  5. Fat URLs Client Identification

    w在每个URL后面都附加一个用户特有的标识码. HTTP The Definitive Guide Some web sites keep track of user identity by gene ...

  6. The Personal Touch Client Identification 个性化接触 客户识别

    w服务器要知道和谁在交谈. HTTP The Definitive Guide Web servers may talk to thousands of different clients simul ...

  7. combined with the Referer header, to potentially build an exhaustive data set of user profiles and browsing habits Client Identification

    w https://www.zhihu.com/question/35307626 w 0-客户端(附加用户信息)首次请求服务端--->服务端生成session(有唯一性).session_id ...

  8. Client IP Address Client Identification

    HTTP The Definitive Guide Early web pioneers tried using the IP address of the client as a form of i ...

  9. HTTP Headers Client Identification

    用户信息通过HTTP头部承载:不能实现用户唯一性标识. w HTTP The Definitive Guide Table 11-1 shows the seven HTTP request head ...

随机推荐

  1. 【C语言】18-变量类型

    一.变量的作用域 C语言根据变量作用域的不同,将变量分为局部变量和全局变量. 1.局部变量 1> 定义:在函数内部定义的变量,称为局部变量.形式参数也属于局部变量. 2> 作用域:局部变量 ...

  2. MUTT+MSMTP利用163服务器发送邮件

    监控系统发送告警邮件,我们自己搭建邮件服务器,成本较高,所以可以使用163等第三方MTA帮助我们发送.MUTT+MSMTP是一个很好的选择,具体实现如下: tar -xvf msmtp-1.6.5.t ...

  3. 使用模板方法模式简化JDBC操作

    在使用JDBC时,会重复的写很多重复的代码,例如 Connection conn = null; PreparedStatement ps = null; ResultSet rs = null; S ...

  4. STM32CubeMX新建工程+基本IO配置过程

    Ⅰ.写在前面 学习本文之前可以查看我前面的文章: STM32CubeMX介绍.下载与安装 STM32CubeMX使用方法及功能介绍 本文接着上一篇文章结合基本IO配置实例,讲述关于STM32CubeM ...

  5. RegisterStartupScript 后退重复提示解决方法

    我在后台调用RegisterStartupScript注册脚本,提示用户是否要跳转到另外一个页面,可是问题就来了,跳转到另外一个页面后,一旦用户后退,原来的页面就会又提示脚本信息, 后来自己想了想,用 ...

  6. 得到application

    ServletContext application = request.getSession().getServletContext();        String basePath = (Str ...

  7. [Java] 高效快速导入EXCEL数据

    需求1.高效率的以excel表格的方式导入多条数据.2.以身份证号为唯一标识,如果身份证号已存在,则该条数据不导入. 分析刚开始的时候是传统的做法,解析excel数据,获取单个对象,判断身份证是否已存 ...

  8. php -- 反射ReflectionClass

    反射类:ReflectionClass 反射就是将其他类的结构给反应出来,从而可以对类的结构进行了解便于对类的使用. ReflectionClass::export(类名); 返回结果为三个数组:常量 ...

  9. 【BZOJ】1176: [Balkan2007]Mokia(cdq分治)

    http://www.lydsy.com/JudgeOnline/problem.php?id=1176 在写这题的时候思维非常逗啊........2333................... 最后 ...

  10. 【noip模拟题】藏宝图(prim)

    好神的一题.. 一开始没想多久就看题解了QAQ.. 首先我们发现,这棵树任意两个点的边一定是最小的(即所有其它这两个点的路径都比这条边大,才有可能出解) 然后生成树后再算距离判断即可.. 注意特判n= ...