Re: [rest-discuss] Stateful APIs
Jun 3, 2011

Agreed.
On Jun 3, 2011, at 12:52 PM, Eric J. Bowman wrote:
> Subbu Allamaraju wrote:
>> Will Hartung wrote:
>>> Having URLs return different representations based on who is logged
>>> in is perfectly acceptable HTTP. We see that all the time with
>>> cookies and what not. But it pretty much eliminates a lot of the
>>> benefits, such as caching. I don't know if proxies cache the same
>>> URLs differently based on the authentication header or not. I doubt it.
>> Caches don't maintain an infinite number of variations as such a
>> practice usually leads to very poor cache hit ratio. This is not a
>> case of right vs wrong, it is just inefficient from a cache operability
>> point of view.
> It depends on the system. If the 'not logged in' use case accounts for
> a significant amount of traffic, the default response can be set to
> cache-control: public, while personalized responses (the 'logged in'
> use case) set cache-control: private.
> So Vary: Authorization should only result in one cached variant on
> public caches. I'm not seeing the caching downside to this approach,
> seeing as how I don't want to publicly cache personalized responses.
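
The header policy discussed in this thread, modelled as an added example that is not part of the original messages: a simplified shared cache applies the HTTP storage rules for `private`, `no-store` and requests carrying `Authorization`, and keys stored responses on the headers named in `Vary`. The `origin` function, the `/home` URL and the credential strings are constructed, and freshness (`max-age` expiry) is ignored.

```python
def origin(req):
    """Constructed origin: public default page, private personalized page."""
    user = req.get("authorization")
    if user is None:
        return {"cache-control": "public, max-age=60", "vary": "Authorization"}, "default page"
    return {"cache-control": "private", "vary": "Authorization"}, f"page for {user}"


class SharedCache:
    """Simplified shared (proxy) cache; ignores freshness and revalidation."""

    def __init__(self):
        self.entries = {}      # url -> [(vary_names, selecting_values, body)]
        self.origin_hits = 0

    @staticmethod
    def _storable(req, headers):
        cc = {d.strip().split("=")[0].lower()
              for d in headers.get("cache-control", "").split(",")}
        if cc & {"private", "no-store"}:
            return False       # a shared cache must not store these
        if "authorization" in req:
            # Authenticated requests need explicit permission to be stored.
            return bool(cc & {"public", "must-revalidate", "s-maxage"})
        return True

    def fetch(self, url, req):
        req = {k.lower(): v for k, v in req.items()}
        for names, values, body in self.entries.get(url, []):
            if tuple(req.get(n) for n in names) == values:
                return body, "HIT"
        self.origin_hits += 1
        headers, body = origin(req)
        names = tuple(n.strip().lower() for n in headers.get("vary", "").split(",") if n.strip())
        if self._storable(req, headers) and "*" not in names:
            values = tuple(req.get(n) for n in names)
            self.entries.setdefault(url, []).append((names, values, body))
        return body, "MISS"


def demo():
    """Constructed request sequence: anonymous, alice, bob, anonymous."""
    cache = SharedCache()
    requests = [{}, {}, {"Authorization": "Basic alice-token"},
                {"Authorization": "Basic alice-token"},
                {"Authorization": "Basic bob-token"}, {}]
    return [cache.fetch("/home", r) for r in requests], cache
```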