no-cache和must-revalidate之间的区别 [英] Difference between no-cache and must-revalidate

问题描述

来自RFC 2616

From the RFC 2616

http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.9.1

no-cache

no-cache

如果no-cache指令没有指定字段名，那么缓存
绝不能使用响应满足后续请求而没有
与原始服务器成功重新验证。这允许origin
服务器阻止缓存，即使已经配置为
的缓存返回对客户端请求的陈旧响应。

If the no-cache directive does not specify a field-name, then a cache MUST NOT use the response to satisfy a subsequent request without successful revalidation with the origin server. This allows an origin server to prevent caching even by caches that have been configured to return stale responses to client requests.

因此，它指示代理重新验证所有响应。

So it directs agents to revalidate all responses.

将此与

必须重新验证

must-revalidate

当缓存中收到
的响应中存在must-revalidate指令时，该缓存不得使用条目变为陈旧的
以响应后续请求而不首先使用
原始服务器重新验证它

When the must-revalidate directive is present in a response received by a cache, that cache MUST NOT use the entry after it becomes stale to respond to a subsequent request without first revalidating it with the origin server

因此，它指示代理重新验证过时的响应。

So it directs agents to revalidate stale responses.

特别是关于 no-cache ，这是用户代理实际上如何根据经验处理这个指令吗？

Particularly with regard to no-cache, is this how user agents actually, empirically treat this directive?

no-cache 如果必须重新验证和 max-age ？

见这个纪念nt：

http ：//palpapers.plynt.com/issues/2008Jul/cache-control-attributes/

no-cache

no-cache

虽然这个指令听起来像是指示浏览器不要
缓存页面，但是有一个细微的区别。根据RFC，无缓存指令
告诉浏览器它应该在从缓存提供页面之前用
服务器重新验证。重新验证是一种
整洁的技术，可以让应用程序保持带宽。如果浏览器缓存的
页面没有更改，则服务器只向浏览器发出
信号，并从缓存中显示该页面。因此，
浏览器（理论上至少）将页面存储在其缓存中，但
仅在重新验证服务器后显示它。在实践中，IE
和Firefox已经开始处理no-cache指令，好像它是
指示浏览器甚至不缓存页面。大约一年前，我们开始观察
这种行为。我们怀疑这个变化是
，这是由于该指令广泛使用（并且不正确）导致
阻止缓存。

Though this directive sounds like it is instructing the browser not to cache the page, there’s a subtle difference. The "no-cache" directive, according to the RFC, tells the browser that it should revalidate with the server before serving the page from the cache. Revalidation is a neat technique that lets the application conserve band-width. If the page the browser has cached has not changed, the server just signals that to the browser and the page is displayed from the cache. Hence, the browser (in theory, at least), stores the page in its cache, but displays it only after revalidating with the server. In practice, IE and Firefox have started treating the no-cache directive as if it instructs the browser not to even cache the page. We started observing this behavior about a year ago. We suspect that this change was prompted by the widespread (and incorrect) use of this directive to prevent caching.

有没有人对此有任何更正式的事情？

Has anyone got anything more official on this?

更新

当且仅当未能验证对表示的请求可能导致不正确的操作时，必须使用re-validate指令才能被服务器使用，例如无声的未执行的金融交易。

The must-revalidate directive ought to be used by servers if and only if failure to validate a request on the representation could result in incorrect operation, such as a silently unexecuted financial transaction.

这是我从未想过的事情。 RFC表示不要轻易使用must-revalidate。问题是，对于Web服务，您必须采取负面视图并假设您的未知客户端应用程序最糟糕。任何过时的资源都有可能导致问题。

That's something I've never taken to heart until now. The RFC is saying not to use must-revalidate lightly. The thing is, with web services, you have to take a negative view and assume the worst for your unknown client apps. Any stale resource has the potential to cause a problem.

还有其他我刚刚考虑的事情，没有Last-Modified或ETags，浏览器只能获取整个资源再次。但是对于ETag，我发现Chrome至少似乎在每次请求时重新验证。这使得这两个指令都没有实际意义或至少命名不好，因为它们无法正确地重新验证，除非请求还包含其他标题，然后导致始终重新验证。

And something else I've just considered, without Last-Modified or ETags, the browser can only fetch the whole resource again. However with ETags, I've observed that Chrome at least seems to revalidate on every request. Which makes both these directives moot or at least poorly named since they can't properly revalidate unless the request also includes other headers that then cause 'always revalidate' anyway.

I只是想让最后一点更清楚。通过设置必须重新验证但不包括ETag或Last-Modified，代理只能再次获取内容，因为它没有任何内容可以发送到服务器进行比较。

I just want to make that last point clearer. By just setting must-revalidate but not including either an ETag or Last-Modified, the agent can only get the content again since it has nothing to send to the server to compare.

但是，我的实证测试表明，当ETag或修改的标题数据包含在响应中时，代理总是会重新验证，无论是否存在必须重新验证标题。

However, my empirical testing has shown that when ETag or modified header data is included in responses, the agents always revalidate anyway, regardless of the presence of the must-revalidate header.

所以必须重新验证的点是当它变为陈旧时强制旁路缓存，这只能在您设置了生命周期/年龄时发生，因此如果必须重新验证在没有响应的情况下设置年龄或其他标题，它实际上等同于 no-cache ，因为响应将立即被视为陈旧。

So the point of must-revalidate is to force a 'bypass cache' when it goes stale, which can only happen when you have set a lifetime/age, thus if must-revalidate is set on a response with no age or other headers, it effectively becomes equivalent to no-cache since the response will be considered immediately stale.

- 所以我最终要记下Gili的答案！

-- So I'm going to finally mark Gili's answer!

推荐答案

我相信必须重新验证表示缓存过期后，拒绝e即使他们说陈旧的回答是可以接受的，也要向用户返回过时的回复。而 no-cache 暗示必须重新验证以及响应立即变为陈旧的事实。

I believe that must-revalidate means "once the cache expires, refuse to return stale responses to the user even if they say that stale responses are acceptable". Whereas no-cache implies must-revalidate plus the fact the response becomes stale right away.

如果响应可缓存10秒，则必须重新验证在10秒后启动，而 no-缓存暗示必须在0秒后重新验证。

If a response is cacheable for 10 seconds, then must-revalidate kicks in after 10 seconds, whereas no-cache implies must-revalidate after 0 seconds.

至少，这是我的解释。

这篇关于no-cache和must-revalidate之间的区别的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！