no-cache vs no-store

Hi All,
what is the difference between these two cache control headers.

no-cache and no-store.

I have read the w3.org explanation.

So let's say I am using only no-cache ....my understanding is that
nothing is cached and nothing is written to disk.

but what happens when we use no-store....i think..nothing is written
to disk but it could be cached.
Now my question where is this cache located...is it only in memory
?....if it is written to disk how long is it there and when does it get
cleaned.

Is no-cache more secure than no-store ..why?

We can assume IIS and IE6.0 SP2 being used.
Thanks
Siddharth

Jun 8 '06
I meant .....
Cache-Control: max-age= 1 second....and no-store together

thanks
Siddharth

Jun 9 '06 #11

<si************@hotmail.com> wrote in message
news:11**********************@f6g2000cwb.googlegroups.com...
> Anthony,
> Thanks for the reply.
> 1)So what happens if you use no-cache with max age of 1 second .....and
> no-store on same site together...how does it work...

Site is irrelevant from the HTTP point of view. This URL

http://mysite.com/myfolder/mypage.asp?val=1

and this URL

http://mysite.com/myfolder/mypage.asp?val=2

are entirely different resources and they each can have completely different
headers.

If you are asking what happens if you respond to a single URL with both
no-cache and no-store then one would hope a cache implementation would honor
the no-store over the no-cache but to be sure it wouldn't be wise to send
both in the same response. max-age will be ignored if either of these is
present.

> 2)Is it correct that if you use SSL nothing is stored on the browser
> caches
> as this document states...

That's an interesting question. I would doubt that SSL traffic even passes
through a proxy server, it's a low-level encryption scheme that uses a
different IP port. There is no way for anything between the client and
origin server to examine the contents of https messages since only the client
and the origin server have the key necessary to decrypt the messages.

> So in other words if you use SSL you don't have to worry about caching
> security risks on client IE....I think it still caches even if you are
> using SSL but this document suggests otherwise..
>
> http://www.mnot.net/cache_docs/
>
> =============================================
> Should I worry about security if people access my site through a cache?
> SSL pages are not cached (or decrypted) by proxy caches, so you don't
> have to worry about that. However, because caches store non-SSL
> requests and URLs fetched through them, you should be conscious about
> unsecured sites; an unscrupulous administrator could conceivably gather
> information about their users, especially in the URL.
>
> In fact, any administrator on the network between your server and your
> clients could gather this type of information. One particular problem
> is when CGI scripts put usernames and passwords in the URL itself; this
> makes it trivial for others to find and use their login.
>
> If you're aware of the issues surrounding Web security in general,
> you shouldn't have any surprises from proxy caches.
> =============================================
>
> if you have a chance check my message with subject line..
> "SSL,IISCache control headers and opening PDF files"
>
> in the same group.
> Thanks
> Siddharth

Jun 9 '06 #12

<si************@hotmail.com> wrote in message
news:11**********************@i40g2000cwc.googlegroups.com...
> I meant .....
> Cache-Control: max-age= 1 second....and no-store together

max-age will be ignored since the entity will not be cached.

> thanks
> Siddharth

Jun 9 '06 #13
Anthony,
if I use no-store then there is no need or meaning to using no-cache
....is that right...

To be able to cache pages IE has to store it some where
(TempInternetFiles etc..)....which no-store will not allow...
So in other words they are mutually exclusive.
It doesn't make sense to use both ....Is that right?
What I'm trying to do is ..I want to allow caching but only for a short
time like a second...and as soon as that time (1 second in my example)
is over page should disappear from all caches and all storages..
There should not be any copy in IE cache, proxy cache etc...

Is there a way to do this? If yes what should be my header settings to
accomplish this...

Now why do I need this...because IE needs to be able to cache the
document if you are trying to show an out of process document like
..pdf,.doc.
But if I allow it to sit in IE cache or any other local storage
indefinitely that could be a security risk.

Also you apply headers to a site in IIS ..or at least that is one of the
places to apply headers.
Every request for a resource within that site will have the headers
that you configured at the site level...so I am not sure what you mean
by site is irrelevant?
thanks
Siddharth

Jun 9 '06 #14
Pragma: No-cache has been deprecated in favor of Cache Control.

<si************@hotmail.com> wrote in message
news:11*********************@h76g2000cwa.googlegroups.com...
> Thanks Jeremy
> what is the difference between "Pragma: No-cache" and "Cache-Control:
> no-cache"

Jun 9 '06 #15
this resource here mentions that they (SSL pages) are cached.

http://www.windowsitpro.com/Article/...652/26652.html

=============================================
By default, IE caches all pages, regardless of whether the pages are secure
(e.g., HTTPS pages, which use SSL). If you don't want IE to cache these
secure pages, you can perform the following steps for each user:

Start a registry editor (e.g., regedit.exe).
Navigate to the HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings registry subkey.
From the Edit menu, select New, DWORD Value.
Enter a name of DisableCachingOfSSLPages, then press Enter.
Double-click the new value, set it to 1 to disable caching of SSL pages,
then click OK.
Close the registry editor.
Log off and log on for the change to take effect.
=============================================

Jun 9 '06 #17

"siddhath" <si******@discussions.microsoft.com> wrote in message
news:9B**********************************@microsoft.com...
> Anthony,
> if I use no-store then there is no need or meaning to using no-cache
> ....is that right...
>
> To be able to cache pages IE has to store it some where
> (TempInternetFiles etc..)....which no-store will not allow...
> So in other words they are mutually exclusive.
> It doesn't make sense to use both ....Is that right?

You're right, it doesn't make sense.

> What I'm trying to do is ..I want to allow caching but only for a short
> time like a second...and as soon as that time (1 second in my example)
> is over page should disappear from all caches and all storages..
> There should not be any copy in IE cache, proxy cache etc...
>
> Is there a way to do this? If yes what should be my header settings to
> accomplish this...

There is no way to guarantee when a cache will delete expired content.

> Now why do I need this...because IE needs to be able to cache the
> document if you are trying to show an out of process document like
> ..pdf,.doc.
> But if I allow it to sit in IE cache or any other local storage
> indefinitely that could be a security risk.

Using either no-store will break launching out-of-process consumers of
content.
no-cache can also break things. I'm not entirely sure why but I've just tried
it and trying to launch a PDF into an external acrobat (using
content-disposition: attachment;) fails with no-cache present.

You could consider using:-

Cache-Control: max-age=1, private

That way the only cache that will hold a copy will be the user's private
temporary internet files. However with plenty of free disk space it will sit
in their cache for quite some time.

> Also you apply headers to a site in IIS ..or at least that is one of the
> places to apply headers.
> Every request for a resource within that site will have the headers
> that you configured at the site level...so I am not sure what you mean
> by site is irrelevant?

At the time I assumed you meant putting no-store on some resources and
no-cache on others. As I pointed out, to use both is nonsensical.

> thanks
> Siddharth

Jun 9 '06 #18
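
The header combinations raised in this thread, checked against standard HTTP caching semantics (an added example, not code from any poster). It looks only at Cache-Control, ignoring Expires, Pragma and browser-specific behaviour such as IE's, and the function names are made up for illustration:

```python
NOTE_EXPIRY = "expired copy may stay on disk until the cache evicts it"

def parse_cache_control(value):
    """Split a Cache-Control value into {directive: argument or None}.
    Simplification: commas inside quoted arguments are not handled."""
    directives = {}
    for part in value.split(","):
        name, _, arg = part.strip().partition("=")
        if name:
            directives[name.strip().lower()] = arg.strip().strip('"') or None
    return directives

def assess(value):
    """Report what caches may do with a response carrying this header."""
    d = parse_cache_control(value)
    no_store, no_cache, private = "no-store" in d, "no-cache" in d, "private" in d
    warnings = []
    max_age = None
    if "max-age" in d:
        if d["max-age"] and d["max-age"].isdigit():
            max_age = int(d["max-age"])
        else:
            warnings.append("max-age needs an integer number of seconds")
    if no_store and no_cache:
        warnings.append("no-cache is redundant next to no-store")
    if max_age is not None and (no_store or no_cache):
        warnings.append("max-age has no effect with no-store/no-cache")
    if not no_store:
        # Expiry only stops reuse; it does not schedule deletion.
        warnings.append(NOTE_EXPIRY)
    return {
        "browser_may_store": not no_store,
        "shared_cache_may_store": not (no_store or private),
        # no-cache allows storage but forbids reuse without revalidation
        "revalidate_before_reuse": no_cache and not no_store,
        # Seconds a stored copy may be served without asking the origin;
        # None means unspecified, so a cache may apply its own heuristic.
        "reuse_seconds": 0 if (no_store or no_cache) else max_age,
        "warnings": warnings,
    }

if __name__ == "__main__":
    # Constructed sample values: the combinations discussed in the thread.
    for header in ("no-cache", "no-store", "no-store, max-age=1",
                   "max-age=1, private", "max-age= 1 second"):
        print(header, "->", assess(header))
```
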
have you tried with only no store...that may work...
as this link suggests ...if you use href to open the document and use only
no-store it may work...

http://support.microsoft.com/default.aspx?kbid=812935

go to the work around section in this link...

let me know if it worked for you.....

I am going to try it here as well.

.....if this does not work then .......I don't know how you can prevent
the caching of pdf on client machines when you are using SSL.???

Thanks
Siddharth

Jun 12 '06 #19
