On Tue, 2 Aug 2005, Bruce Badger wrote:
HTTP/1.x 200 OK Cache-Control: public, max-age=0
Why public?
So, my expectation was that the max-age would mean that no cached responses would be served - clearly wrong.
public says the response is good for all users even if the request contained authentication credentials. This should only be used on public static content which does not need any protection and may be cached at any level.
max-age says that proxies must attempt to revalidate the page before sending the response to the client. If this revalidation is not successful the proxy MAY send the original response (and should in such case include a Warning header about the fact which Squid currently does not, and no clients cares about anyway). no-cache is a shorthand for max-age=0 with the exception that many implementations (Squid included) handles no-cache as a synonym for no-store.
Could someone point out my mistake, and perhaps point me to the place in the mountain of documentation I should be looking?
If you have pages which are user specific then you SHOULD use "Cache-Control: private", not "public".
Good background reading is HTTP/1.1 RFC 2616 "4.9.1 What is Cacheable" and "4.9.2 What May be Stored by Caches". This explains the concepts pretty well I think.
Regards Henrik
