473,721 Members | 2,073 Online
Bytes | Software Development & Data Engineering Community
+ Post

Home Posts Topics Members FAQ

no-cache vs no-store

Hi All,
what is the diference between these two cache control header.

no-cache and no-store.

I have read the w3.org explanation.

So lets say I am using only no-cache ....my understanding is that
nothing is cached and nothing is writen to disk.

but what happens when we use no-store....i think..nothing is written
to disk but it could be cached.
Now my question where is this cache located...is it only in memory
?....if it is written to disk how log is it there and when does it gets
cleaned.

Is no-cache more secure than no-store ..why?

We can assume IIS and IE6.0 SP2 being used.
Thanks
Siddharth

Jun 8 '06 #1
18 9156
non-cache and no-store do not really mean not to cache, it means do not
reuse for a subsequent request.

remember the browser is not the only cache. proxy servers cache, web servers
cache, browsers cache, isps add caching routers. in the proxy server case,
it will fetch the page, but it need to maintain it in the cache until the
client has read all of it (as the client network may be a lot slower then
the proxy). if the proxy is handling 100's of requests at the same time, it
may not have enough memory to store these pages in memory and may not honor
the directive anyway.
see this w3c spec on building cache managers. read section 14.9.2

http://www.w3.org/Protocols/rfc2616/rfc2616-sec13.html

-- bruce (sqlwork.com)

<si************ @hotmail.com> wrote in message
news:11******** **************@ h76g2000cwa.goo glegroups.com.. .
Hi All,
what is the diference between these two cache control header.

no-cache and no-store.

I have read the w3.org explanation.

So lets say I am using only no-cache ....my understanding is that
nothing is cached and nothing is writen to disk.

but what happens when we use no-store....i think..nothing is written
to disk but it could be cached.
Now my question where is this cache located...is it only in memory
?....if it is written to disk how log is it there and when does it gets
cleaned.

Is no-cache more secure than no-store ..why?

We can assume IIS and IE6.0 SP2 being used.
Thanks
Siddharth

Jun 8 '06 #2
Bruce,
I understand that caching can happen at various places. But if you set
the caching headers at ISS- Website level than it should apply to all
i.e IE,proxies etc..

thanks for your response but I was tryng to understand what is the
difference between non-cache and no-store?

Also if you look at "no-store" explanation on W3 site...this is what
it says

"The purpose of the no-store directive is to prevent the inadvertent
release or retention of sensitive information (for example, on backup
tapes). "

so my inderstanding was that it will not allow anything pesisted to
IE,proxy etc...I IE case i thought it will be TempInternet files folder
etc.
In other words is it that no-store is doing to achieve prevention of
the inadvertent release or retention of sensitive information?
what is the difference between no-cahe and no-store ?

Thanks
Siddharth

Jun 8 '06 #3
I have found that no-store is what to use if you do not want firefox to
display the original downloaded content. For example I wrote an app that let
people change where boxed in areas of a web site were located. Like Google
Personal or Windows Live. Now if a user moved things around, which would be
saved through AJAX and happened back to a cached/stored version of the page
none of there changes would show up because the request is not being made to
the server. So I always use:

Response.Cache. SetCacheability (HttpCacheabili ty.ServerAndNoC ache);
Response.Cache. SetAllowRespons eInBrowserHisto ry(false);
Response.Cache. SetNoStore();

If I absouletely want the client to have to go to the server for the
request, instead of hitting one of the cached locations.

"si************ @hotmail.com" wrote:
Hi All,
what is the diference between these two cache control header.

no-cache and no-store.

I have read the w3.org explanation.

So lets say I am using only no-cache ....my understanding is that
nothing is cached and nothing is writen to disk.

but what happens when we use no-store....i think..nothing is written
to disk but it could be cached.
Now my question where is this cache located...is it only in memory
?....if it is written to disk how log is it there and when does it gets
cleaned.

Is no-cache more secure than no-store ..why?

We can assume IIS and IE6.0 SP2 being used.
Thanks
Siddharth

Jun 8 '06 #4
no-cache - will not save the file to temp internet files like you mentioned.

no-store - will not save the request or the response to and from the server
anywhere, thus forcing the request to be renewed with each visit as I
explained prior. Also I have read it makes it so you cannot use "File > Save"
on a web page.

"si************ @hotmail.com" wrote:
Bruce,
I understand that caching can happen at various places. But if you set
the caching headers at ISS- Website level than it should apply to all
i.e IE,proxies etc..

thanks for your response but I was tryng to understand what is the
difference between non-cache and no-store?

Also if you look at "no-store" explanation on W3 site...this is what
it says

"The purpose of the no-store directive is to prevent the inadvertent
release or retention of sensitive information (for example, on backup
tapes). "

so my inderstanding was that it will not allow anything pesisted to
IE,proxy etc...I IE case i thought it will be TempInternet files folder
etc.
In other words is it that no-store is doing to achieve prevention of
the inadvertent release or retention of sensitive information?
what is the difference between no-cahe and no-store ?

Thanks
Siddharth

Jun 8 '06 #5
Thanks Jeremy...

Is it correct to say that no-store is a super set of no-cache.

in other words when you use no-store it will not save anything just
like using no-cache in temp folders etc.. plus restrict other things
like "save as" also.

Thanks
Siddharth

Jun 8 '06 #6
Not Necassarily because if you have caching allowed and no-store set it will
force the user to make a new request, but I believe if that request returns
that there is not a difference between the content that is in your cache it
will let the cache serve it to you.

"si************ @hotmail.com" wrote:
Thanks Jeremy...

Is it correct to say that no-store is a super set of no-cache.

in other words when you use no-store it will not save anything just
like using no-cache in temp folders etc.. plus restrict other things
like "save as" also.

Thanks
Siddharth

Jun 8 '06 #7
Thaks Jeremy
what is the difference between "Pragma: No-cache" and "Cache Conrol :
no-cache"

Jun 8 '06 #8

<si************ @hotmail.com> wrote in message
news:11******** **************@ h76g2000cwa.goo glegroups.com.. .
Hi All,
what is the diference between these two cache control header.

no-cache and no-store.

I have read the w3.org explanation.

So lets say I am using only no-cache ....my understanding is that
nothing is cached and nothing is writen to disk.

but what happens when we use no-store....i think..nothing is written
to disk but it could be cached.
Now my question where is this cache located...is it only in memory
?....if it is written to disk how log is it there and when does it gets
cleaned.

Is no-cache more secure than no-store ..why?

We can assume IIS and IE6.0 SP2 being used.
Thanks
Siddharth


There seems to be considerable confusion in this thread. However the w3
specs are quite clear as to the function of these values.

Cache-Control: no-cache

When an responses passes through a cache and the entity is cachable (has an
ETag or Last-Modified-Date or possible other rules a cache might use) it
will be cached (even with this header present).

When a subsequent request for that entity arrives at the cache ordinarily
the cache may have used various rules ot determine whether it passes on the
request to the original server (or other proxy in the chain) or whether to
supply the cached entity it has. However since the the original response
carried the no-cache directive the cache MUST not supply the cached entity
with out checking back with the original server. It will use a GET with
If-Modified-Since and/or if-no-match headers and may get a 304 response
indicating it can go ahead and use the cached entity.

Cache-Control: no-store

When a response passes through a cache that has the no-store value the cache
MUST not keep a copy of the entity in the message. Simple as that, no
permanent copy should be found of it anywhere between the origin server and
the browser itself (include the local temporary cache). For buffering
purpose it may appear on disk in a transient file but the file should be
deleted as soon as the cache has passed the entity on.

Pragma: no-cache

Is depracated in HTTP/1.1. It is equivalent to Cache-Control: no-cache. A
client can request that the cache chain between it and the origin server
check to make sure that any entity it intends to send from it's store is up
to date first.

Anthony.
Jun 9 '06 #9
Anthony,
Thanks for the reply.
1)So what happens if you use no-cache with max age of 1 second .....and
no-store on same site together...how does it work...

2)Is it correct that if you use SSL nothing is stored on the browser
caches
as this document states...

So in other words if you use SSL you don't have to worry about caching
security riks on client IE....I think it still caches even if you are
using SSL but this document suggest otherwise..

http://www.mnot.net/cache_docs/

=============== =============== ===============
Should I worry about security if people access my site through a cache?
SSL pages are not cached (or decrypted) by proxy caches, so you don't
have to worry about that. However, because caches store non-SSL
requests and URLs fetched through them, you should be conscious about
unsecured sites; an unscrupulous administrator could conceivably gather
information about their users, especially in the URL.

In fact, any administrator on the network between your server and your
clients could gather this type of information. One particular problem
is when CGI scripts put usernames and passwords in the URL itself; this
makes it trivial for others to find and user their login.

If you're aware of the issues surrounding Web security in general,
you shouldn't have any surprises from proxy caches.
=============== =============== ===============

if you have a chance check my message with subject line..
"SSL,IISCac he control headers and opening PDF files"

in the same group.
Thanks
Siddharth

Jun 9 '06 #10

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

19
11150
by: Chris Allen | last post by:
Hi I'm new to PHP and I'm trying to create a Login Form. Once the user has logged in then he shouldn't have to log in again. The trouble is I'm getting a new session ID between every page and so it doesn't recognise the user. I've used Session_Start() which I thought was meant to maintain the session variables between pages but it doesn't do work. Any ideas or FAQ's?
0
7475
by: sandeep G | last post by:
I've a table which has a number & a blob column, both of which are NOT NULL type. This table is composite partitioned using range & hash on the same column. Each partition is sub partitioned into two. Now if I try to move the partitions to a different tablespace I get an oracle error sayiing that ERROR: ORA_14257 cannot move partition other than a Range or Hash partition Now is there any other way to move the partition to another
7
4339
by: George | last post by:
I am trying to set up a login-logout website. I have a cookie about the login status. I put it as logout once the logout link is clicked. And I put a little security check about the status of the cookie variable everytime before loading the detailed member profiling. The page layout is like: Login page,-->check the login name/password database-->profile page(only login cookie is true, redirect back to login if false)
2
3197
by: Jonathan Trevor | last post by:
Hi, For the last couple of releases of a product we're developing we've been running to very wierd behavior from IE and our ASP.NET web application which serves up various types of files and I'm getting very frustrated in trying to solve it! We content we are serving up is potentially sensitive and therefore we DO NOT want it cached on the remote client (IE) beyond the lifetime of the application rendering it (IE, Powerpoint, Word...
14
2090
by: Tom.PesterDELETETHISSS | last post by:
Hi, I think this question requires an in depth understanding of how a browser cache works. I hope I can reach an expert here. I may have found a quirk in the asp.net documentation or I don't understand what the SetAllowResponseInBrowserHistory does. While researching caching I tried the code sample at the following page : http://msdn2.microsoft.com/library/97wcd0a4(en-us,vs.80).aspx
3
1187
by: Vikas Kumar | last post by:
Hi am using usercontrols in my application like header and footer and some other i want to do cashing on them how will i do that i mean will i have to write <%5@outputcache...... on my user control i want to do caching for 1 hr what will be the exact statement that i will write on my user controls
7
1318
by: toubuddy | last post by:
dear how do we disable the back and forward button on internet explorer.
22
8212
by: canabatz | last post by:
Hi all! i got a countdown timer for auctions that runing. i got a DIV that refreshs every 4 seconds that DIV is refreshed by ajax ,the file that is refreshed is timer.php for example!! my problem is that the timer.php is not showing up. if i run the timer.php alone it is showing the timer ,the problem i think it's because the timer sits inside the ajax DIV and that is what i think making me the problem!!
9
2067
by: canabatz | last post by:
i am not sure if this is the right way to use this AJAX script i did! i want to know i f it will be compatible with IE 6 also!! function getXMLHttp() { var xmlHttp; try { //Firefox, Opera 8.0+, Safari
9
1402
by: techuse | last post by:
document.getElementById('util_overview').innerHTML = "";
0
8847
marktang
by: marktang | last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However, people are often confused as to whether an ONU can Work As a Router. In this blog post, weíll explore What is ONU, What Is Router, ONU & Routerís main usage, and What is the difference between ONU and Router. Letís take a closer look ! Part I. Meaning of...
0
9372
Oralloy
by: Oralloy | last post by:
Hello folks, I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>". The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed. This is as boiled down as I can make it. Here is my compilation command: g++-12 -std=c++20 -Wnarrowing bit_field.cpp Here is the code in...
1
9137
by: Hystou | last post by:
Overview: Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows Update option using the Control Panel or Settings app; it automatically checks for updates and installs any it finds, whether you like it or not. For most users, this new feature is actually very convenient. If you want to control the update process,...
0
9071
tracyyun
by: tracyyun | last post by:
Dear forum friends, With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the choice of these technologies. I'm particularly interested in Zigbee because I've heard it does some...
0
4490
by: TSSRALBI | last post by:
Hello I'm a network technician in training and I need your help. I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs. The last exercise I practiced was to create a LAN-to-LAN VPN between two Pfsense firewalls, by using IPSEC protocols. I succeeded, with both firewalls in the same network. But I'm wondering if it's possible to do the same thing, with 2 Pfsense firewalls...
0
4758
by: adsilva | last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
1
3197
by: 6302768590 | last post by:
Hai team i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system
2
2581
muto222
by: muto222 | last post by:
How can i add a mobile payment intergratation into php mysql website.
3
2135
bsmnconsultancy
by: bsmnconsultancy | last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence can significantly impact your brand's success. BSMN Consultancy, a leader in Website Development in Toronto offers valuable insights into creating effective websites that not only look great but also perform exceptionally well. In this comprehensive...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.