<si************@hotmail.com> wrote in message
news:11**********************@h76g2000cwa.googlegr oups.com...
Hi All,
what is the diference between these two cache control header.
no-cache and no-store.
I have read the w3.org explanation.
So lets say I am using only no-cache ....my understanding is that
nothing is cached and nothing is writen to disk.
but what happens when we use no-store....i think..nothing is written
to disk but it could be cached.
Now my question where is this cache located...is it only in memory
?....if it is written to disk how log is it there and when does it gets
cleaned.
Is no-cache more secure than no-store ..why?
We can assume IIS and IE6.0 SP2 being used.
Thanks
Siddharth
There seems to be considerable confusion in this thread. However the w3
specs are quite clear as to the function of these values.
Cache-Control: no-cache
When an responses passes through a cache and the entity is cachable (has an
ETag or Last-Modified-Date or possible other rules a cache might use) it
will be cached (even with this header present).
When a subsequent request for that entity arrives at the cache ordinarily
the cache may have used various rules ot determine whether it passes on the
request to the original server (or other proxy in the chain) or whether to
supply the cached entity it has. However since the the original response
carried the no-cache directive the cache MUST not supply the cached entity
with out checking back with the original server. It will use a GET with
If-Modified-Since and/or if-no-match headers and may get a 304 response
indicating it can go ahead and use the cached entity.
Cache-Control: no-store
When a response passes through a cache that has the no-store value the cache
MUST not keep a copy of the entity in the message. Simple as that, no
permanent copy should be found of it anywhere between the origin server and
the browser itself (include the local temporary cache). For buffering
purpose it may appear on disk in a transient file but the file should be
deleted as soon as the cache has passed the entity on.
Pragma: no-cache
Is depracated in HTTP/1.1. It is equivalent to Cache-Control: no-cache. A
client can request that the cache chain between it and the origin server
check to make sure that any entity it intends to send from it's store is up
to date first.
Anthony.