无缓存和必须重新验证之间的区别 [英] Difference between no-cache and must-revalidate
问题描述
来自 RFC 2616
From the RFC 2616
http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.9.1
无缓存
如果 no-cache 指令没有指定字段名,则缓存不得使用响应来满足后续请求与源服务器成功重新验证.这允许一个起源服务器以防止缓存,即使已配置为缓存返回对客户端请求的陈旧响应.
If the no-cache directive does not specify a field-name, then a cache MUST NOT use the response to satisfy a subsequent request without successful revalidation with the origin server. This allows an origin server to prevent caching even by caches that have been configured to return stale responses to client requests.
因此它指示代理重新验证所有响应.
So it directs agents to revalidate all responses.
对比一下
必须重新验证
当收到的响应中存在 must-revalidate 指令时通过缓存,该缓存不得在条目变旧后使用该条目响应后续请求而不首先重新验证它源站
When the must-revalidate directive is present in a response received by a cache, that cache MUST NOT use the entry after it becomes stale to respond to a subsequent request without first revalidating it with the origin server
因此它指示代理重新验证陈旧响应.
So it directs agents to revalidate stale responses.
特别是关于no-cache,用户代理实际上是如何根据经验处理这个指令的?
Particularly with regard to no-cache, is this how user agents actually, empirically treat this directive?
如果有 must-revalidate 和 max-age,no-cache 有什么意义?
What's the point of no-cache if there's must-revalidate and max-age?
看到这条评论:
http://palpapers.plynt.com/issues/2008Jul/cache-控制属性/
无缓存
虽然这个指令听起来像是在指示浏览器不要缓存页面,有一个微妙的区别.无缓存"指令,根据RFC,告诉浏览器它应该重新验证在从缓存中提供页面之前的服务器.重新验证是一个使应用程序节省带宽的巧妙技术.如果浏览器缓存的页面没有改变,服务器只是发出信号到浏览器,页面从缓存中显示.因此,浏览器(至少在理论上)将页面存储在其缓存中,但是仅在与服务器重新验证后才显示它.在实践中,IE和 Firefox 已开始将 no-cache 指令视为指示浏览器甚至不要缓存页面.我们开始观察大约一年前的这种行为.我们怀疑这种变化是该指令的广泛(和不正确)使用促使防止缓存.
Though this directive sounds like it is instructing the browser not to cache the page, there’s a subtle difference. The "no-cache" directive, according to the RFC, tells the browser that it should revalidate with the server before serving the page from the cache. Revalidation is a neat technique that lets the application conserve band-width. If the page the browser has cached has not changed, the server just signals that to the browser and the page is displayed from the cache. Hence, the browser (in theory, at least), stores the page in its cache, but displays it only after revalidating with the server. In practice, IE and Firefox have started treating the no-cache directive as if it instructs the browser not to even cache the page. We started observing this behavior about a year ago. We suspect that this change was prompted by the widespread (and incorrect) use of this directive to prevent caching.
有没有人对此有更官方的消息?
Has anyone got anything more official on this?
更新
当且仅当未能验证对表示的请求可能导致错误操作(例如静默未执行的金融交易)时,服务器才应使用 must-revalidate 指令.
The must-revalidate directive ought to be used by servers if and only if failure to validate a request on the representation could result in incorrect operation, such as a silently unexecuted financial transaction.
直到现在我才把这件事放在心上.RFC 说不要轻易使用 must-revalidate.问题是,对于 Web 服务,您必须采取消极的态度,并为未知的客户端应用程序假设最坏的情况.任何陈旧的资源都有可能导致问题.
That's something I've never taken to heart until now. The RFC is saying not to use must-revalidate lightly. The thing is, with web services, you have to take a negative view and assume the worst for your unknown client apps. Any stale resource has the potential to cause a problem.
还有一些我刚刚考虑过的东西,如果没有 Last-Modified 或 ETags,浏览器只能再次获取整个资源.然而,对于 ETags,我观察到 Chrome 至少似乎对每个请求都进行了重新验证.这使得这两个指令都没有实际意义,或者至少名称很差,因为它们无法正确重新验证,除非请求还包含其他导致始终重新验证"的标头.
And something else I've just considered, without Last-Modified or ETags, the browser can only fetch the whole resource again. However with ETags, I've observed that Chrome at least seems to revalidate on every request. Which makes both these directives moot or at least poorly named since they can't properly revalidate unless the request also includes other headers that then cause 'always revalidate' anyway.
我只想更清楚地说明最后一点.通过仅设置 must-revalidate 但不包括 ETag 或 Last-Modified,代理只能再次获取内容,因为它没有任何内容可以发送到服务器进行比较.
I just want to make that last point clearer. By just setting must-revalidate but not including either an ETag or Last-Modified, the agent can only get the content again since it has nothing to send to the server to compare.
然而,我的经验测试表明,当响应中包含 ETag 或修改后的标头数据时,无论 must-revalidate 标头是否存在,代理总是会重新验证.
However, my empirical testing has shown that when ETag or modified header data is included in responses, the agents always revalidate anyway, regardless of the presence of the must-revalidate header.
所以 must-revalidate 的重点是在它变得陈旧时强制绕过缓存",这只能在您设置生命周期/年龄时发生,因此如果 必须-revalidate 设置在没有年龄或其他标头的响应上,它实际上等同于 no-cache,因为响应将立即被视为过时.
So the point of must-revalidate is to force a 'bypass cache' when it goes stale, which can only happen when you have set a lifetime/age, thus if must-revalidate is set on a response with no age or other headers, it effectively becomes equivalent to no-cache since the response will be considered immediately stale.
-- 所以我最终要标记 Gili 的答案!
-- So I'm going to finally mark Gili's answer!
推荐答案
我相信 must-revalidate 意味着:
一旦缓存过期,拒绝向用户返回陈旧的响应即使他们说陈旧的回应是可以接受的.
Once the cache expires, refuse to return stale responses to the user even if they say that stale responses are acceptable.
而 no-cache 意味着:
must-revalidate 加上响应立即变得陈旧的事实.
must-revalidateplus the fact the response becomes stale right away.
如果响应可以缓存 10 秒,则 must-revalidate 会在 10 秒后生效,而 no-cache 意味着 must-revalidate> 0 秒后.
If a response is cacheable for 10 seconds, then must-revalidate kicks in after 10 seconds, whereas no-cache implies must-revalidate after 0 seconds.
至少,这是我的解释.
这篇关于无缓存和必须重新验证之间的区别的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
