代理缓存 - cookie 怎么样? [英] Proxy cacheing - What about cookies?

问题描述

我阅读了 http://code.google.com/speed/page-speed/docs/caching.html.它说代理服务器可能会缓存 cookie.我需要澄清一下.

I read http://code.google.com/speed/page-speed/docs/caching.html. It says that proxy servers may cache cookies. I need clarification.

假设我的文件有这个标题:Cache-Control "max-age=604800, public"
Q.1. 有了这个标头，当访问静态文件时，来自个人计算机的 cookie 是否会缓存在代理服务器上?(那么，下一个访问文件的人会获取其他人的 cookie 吗?)

Let's say I have this header for my files: Cache-Control "max-age=604800, public"
Q.1. With this header, will the cookies from a person's computer be cached on the proxy server when a static file is accessed? (Then, would the next person to access the file pick up the other person's cookies?)

现在，假设缓存代码变成了 Cache-Control "max-age=7200, proxy-revalidate".
Q.2.代理服务器上的 cookie 缓存有何不同?

Now, let's say the cache code went like Cache-Control "max-age=7200, proxy-revalidate" instead.
Q.2. What would be the difference as far as cookie cacheing on the proxy server?

现在我有一个关于实际设置 cookie 的文件(例如 Javascript 或 PHP)的问题.
Q.3. cookie 会缓存在代理服务器什么时候访问这些类型的文件?还是缓存和静态文件一样?

Now I have a question about files that actually set cookies (such as Javascript or PHP).
Q.3. Will cookies be cached on the proxy server when these kinds of files are accessed? Or is the cacheing the same as static files?

如果你想知道，我问这些事情的原因是因为我不一个人的cookies被代理缓存，从而转移给另一个人.所以任何澄清都会真正有帮助.非常感谢！

In case you are wondering, the reason I ask these things is because I do not one person's cookies to be proxy cached, and thus transferred to another person. So any clarification would really help. Thank you so much!

非常感谢大家的帮助.但我仍然需要多一点澄清.

如果我有使用标头 Cache-Control "max-age=604800, public" 的文件，任何请求 cookie (Cookie) 或响应 cookie (Set-Cookie) 被传输到另一个用户的计算机(因为它在缓存中)?还是会仅缓存该个人用户的浏览?如果设置为 Cache-Control "max-age=7200, proxy-revalidate" 呢?再次感谢.

Thank you very much for all the help. But I still need a little more clarification.

If I have files using header Cache-Control "max-age=604800, public", will any request cookies (Cookie) or response cookies (Set-Cookie) be transferred to another user's computer (since its in the cache)? Or will it be cached only for that individual user's browsing? What about if the setting is Cache-Control "max-age=7200, proxy-revalidate"? Thanks again.

推荐答案

这取决于代理和 Vary 响应头.通常，代理不会缓存对具有 Cookie 标头的请求的响应.但是，这并不能完全保证.

It depends on the proxy and on the Vary response-header. In general, proxies will not cache a response to a request that has a Cookie header. However, that is not really guaranteed.

当您使用指令 public 指定 Cache-Control 标头时，您要求代理在不同客户端之间共享缓存.这可能不是您的意图，因此您应该指定 private 代替.请参阅:http://www.mnot.net/cache_docs/#CACHE-CONTROL

When you specify your Cache-Control header with the directive public, you are asking proxies to share the cache between different clients. That is presumably not your intention, so you should specify private instead. See: http://www.mnot.net/cache_docs/#CACHE-CONTROL

代理服务器上的 cookie 缓存有何不同?

What would be the difference as far as cookie cacheing on the proxy server?

不是真的.它所做的只是告诉代理它不应该从陈旧的缓存中提供服务.它不影响缓存的控制方式.

Not really. All it does is it tells the proxy that it shouldn't serve from a stale cache. It doesn't affect how the cache is controlled.

访问这些类型的文件时，cookie 会缓存在代理服务器上吗?还是缓存和静态文件一样?

Will cookies be cached on the proxy server when these kinds of files are accessed? Or is the cacheing the same as static files?

对于 http 级别的软件(例如代理)，静态和动态内容之间没有区别.Cookie 只是与请求(Cookie 标头)一起发送或与响应(Set-Cookie 标头)一起发送的 http 标头

For a http level piece of software (e.g. a proxy), there is no difference between static and dynamic content. Cookies are merely http-headers that are sent with a request (Cookie header) or sent with a response (Set-Cookie headers)

如果您在浏览器中设置了 cookie(通过 Javascript 或从服务器端，通过 Set-Cookie 标头)，浏览器会将 cookie 与所有后续请求一起发送回相同的领域.它通过在请求中添加 Cookie 标头来实现这一点.

If you set a cookie in the browser (either through Javascript or from the server side, through a Set-Cookie header), the browser will send the cookie back with all subsequent requests to the same domain. It does this by adding a Cookie header with the requests.

我确实希望将我的实际文件缓存在代理上，而不是个人用户的 cookie.我该怎么做?

I do want my actual files to be cached on the proxy, but not individual users' cookies. How do I do this?

您需要避免缓存任何响应:

You need to avoid caching any response that either:

• 包含一个 Set-Cookie 标头(因为这会被代理缓存)
• 服务器端有副作用(例如，您的应用程序接收请求很重要 - 例如，缓存跟踪像素没有意义)
• 请求 Cookie 标头的内容决定了呈现的内容(例如，打印Welcome back, John Doe"或其他自定义内容)

• Contains a Set-Cookie header (Since this would get cached by the proxy)
• There is a side effect on the server side (E.g. it's important for your application to receive the request - For example, it wouldn't make sense to cache a tracking pixel)
• Where the contents of the requests Cookie header determines what gets rendered (E.g. printing "Welcome back, John Doe" or other customisation)

具体如何执行取决于您的后端技术.您的应用程序知道 Cookie 标头对于响应是否重要，或者响应是否可能包含 Set-Cookie 标头.

How exactly you'll do that depends on your backend technology. It's your application that knows whether the Cookie header is significant for the response or whether a response could potentially contain a Set-Cookie header.

在我使用的应用程序框架中，有一个用于设置缓存过期标头的功能.如果我调用它并在同一个请求中访问 c​​ookie，我会得到一个错误.这确保我不会意外地要求代理缓存私有内容.您需要在您的应用程序中实现类似的逻辑.

In the application framework that I use, there is a function for setting cache-by-expires headers. If I call that and within the same request access cookies, I'll get an error. This ensures that I don't accidentally ask a proxy to cache private content. You need a similar logic implemented in your application.

或者，您可以配置一个边缘级代理来做同样的事情.如果您不完全控制应用程序，通常会这样做.

Alternatively, you can configure an edge-level proxy to do the same thing. That's usually done if you don't control the application completely.

如果我有使用标头 Cache-Control "max-age=604800, public" 的文件，是否会将任何请求 cookie (Cookie) 或响应 cookie (Set-Cookie) 传输到另一个用户的计算机(因为它在缓存中)?还是仅针对该个人用户的浏览进行缓存?

If I have files using header Cache-Control "max-age=604800, public", will any request cookies (Cookie) or response cookies (Set-Cookie) be transferred to another user's computer (since its in the cache)? Or will it be cached only for that individual user's browsing?

请求 cookie 不会被缓存，也不会传输到任何地方.响应(Set-Cookie) 被缓存.由于您将 cache-control 指定为 public，它将在所有客户端之间共享.请注意，即使请求 cookie 没有直接缓存，如果您在页面中呈现依赖于 cookie 的某些内容(例如，如果您将 cookie 用于服务器端会话状态，例如身份验证)，您将缓存个性化响应.

The request cookies are not cached and will not be transferred anywhere. The response (Set-Cookie) is cached. Since you specify cache-control as public, it will be shared amongst all clients. Note that even though the request cookie isn't directly cached, if you render something in the page, that relies on cookies (E.g. if you use the cookie for server side session state, such as authentication), you will cache the personalised response.

如果设置为 Cache-Control "max-age=7200, proxy-revalidate" 呢?再次感谢.

What about if the setting is Cache-Control "max-age=7200, proxy-revalidate"? Thanks again.

同样的事情.proxy-revalidate 通知任何代理(如果有的话)它们可能不提供一个陈旧的缓存.例如.7200 秒过后，应立即清除缓存.如果没有这个，缓存通常会继续提供一个陈旧的缓存，然后在达到超时后在后台获取一个新的副本.与否 - 取决于代理.

Same thing. proxy-revalidate informs any proxies (if there are any) that they may not serve a stale cache. E.g. once the 7200 seconds have passed, the cache should be purged immediately. Without this, caches will generally keep serving a stale cache and then fetch a fresh copy in the background, once the timeout has been reached. Or not - Depends on the proxy.

这篇关于代理缓存 - cookie 怎么样?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！